BingX Crypto Exchange Suffers $43M Hot Wallet Hack, Describes Loss as Manageable

Leading Singapore-based cryptocurrency exchange BingX witnessed a hack attack on its hot wallet, leading to significant fund loss.

PeckShield security experts said the hackers stole around $43 million in cryptocurrencies, while BingX downplayed the Loss, calling it “minor and manageable.”

#PeckShieldAlert Another $16.5M worth of cryptos has been drained from #BingX by 0x940362B46faf7DF48Af1c8989d809F50466B5fCA about 7 hours ago.
The stolen funds are currently parked at 0x1Dd7dAf089C16856155FeFd7e2170966bb6b3AEE, totaling 5.3K $ETH, 4.1K $BNB & 1.65M $MATIC.
We…

— PeckShieldAlert (@PeckShieldAlert) September 20, 2024

Peckshield mentioned that the perpetrators moved the stolen funds in several batches.

BingX Responds to Hot Wallet Hack: Withdrawals Paused, Compensation Plan for Users Announced

Bing’s Chief Product Officer, Vicien Lin, provided more details about the recent incident. She explained that BingX’s team discovered it early on September 20, around 4:00 a.m. Singapore time.

At around 4am 20 Sep Singapore time, our technical team detected abnormal network access, suspecting a hacker attack on BingX’s hot wallet. We immediately started our emergency plan, including the urgent transfer of assets and withdraw suspension. There has been minor asset loss,…

— Vivien Lin @ BingX (@Vivien_BingX) September 20, 2024

At that time, the team noticed some unusual activity on the network, which they suspected was due to a hacker attack targeting the exchange’s hot wallet. Following the security breach, Bingx temporarily paused Withdrawals as part of its emergency response to prevent further losses.

Lin reassured that the damage was under control, with only a small amount of assets lost during the incident.

BingX announced plans to resume withdrawals within the next 24 hours, meaning users will soon be able to access their funds after the temporary pause. In addition, the exchange promised to introduce a compensation plan for affected users to make up for any losses they may have experienced due to the hack.

The crypto exchange aims to restore trust by addressing the issue quickly and supporting those impacted. It reassured users that the losses from the hack have been minimal and are fully under control.

🚨 Security Update 🚨

At 4 AM (SGT) on Sept 20, our team detected abnormal access to the BingX hot wallet, suspecting a hacker attack. We immediately initiated an emergency response, including asset transfers and pausing withdrawals.

🔒 Only minor losses so far, and we’ve got… https://t.co/7CFsqF5W20

— BingX (@BingXOfficial) September 20, 2024

Further, BingX revealed that most assets are stored in cold wallets offline and are much harder to hack. The breach affected only a tiny portion of the funds in their hot wallet.

According to the exchange, the situation is manageable, and it can confidently cover the losses.

BingX’s Community Questions Transparency Amid “Wallet Maintenance” Notice

Initially, Blockchain security firm PeckShield reported on X that it detected a suspicious significant fund outflow from the BingX exchange.

Hi @BingXOfficial you may want to take a look –we observe suspicious significant fund outflow (>$13.6m) to this address: https://t.co/BEJAWWoouA

— PeckShield Inc. (@peckshield) September 20, 2024

 It noticed an outflow of over $13.5 million, alerting Bingx to the potential security issues and prompting further investigation.

As the situation developed, PeckShield updated its estimate, raising the figure to $26.7 million. This revision indicated a more extensive breach than first thought.

Meanwhile, analytics platform Lookonchain corroborated these findings, reporting that the estimated losses exceeded $26 million.

On September 20, BingX informed its users that it was conducting temporary maintenance on its wallet system. This announcement indicated that there may be delays in deposits and withdrawals.

In response to BingX’s communication, Harrison Leggio, the co-founder of the crypto startup g8keep, expressed his skepticism in an X post. He criticized the exchange’s words, questioning whether the situation was about maintenance or whether user funds were being drained.

Is it “wallet maintenance” or are your wallets being drained?

If it was “wallet maintenance” then why is there a “minor asset loss”.

If you’re going to use a CEX, please use a real one that doesn’t play off exploits like this. https://t.co/DkhgdjJVc4

— Pop Punk (@PopPunkOnChain) September 20, 2024

His comments highlighted a growing frustration in the crypto community regarding transparency and trust in centralized exchanges. Leggio urged users to choose reputable exchanges and avoid exchanges that will downplay serious security issues while risking users’ assets.