• BingX experienced a security breach in its hot wallet, but cold wallets protected most assets.
• The exchange acted quickly, suspending withdrawals and transferring funds to secure storage to limit the damage.

Singapore-based cryptocurrency exchange BingX has confirmed a security breach on its platform, leading to losses in its hot wallet. The incident happened on September 20, 2024, but the exchange has confirmed that all users will be compensated for any loss that they may have incurred. However, most of the user assets are still secure, thanks to the prompt intervention of BingX’s engineering team.

Immediate Response Limits Impact

The breach was discovered on September 20 at around 4:00 AM Singapore time when BingX’s engineering team noticed suspicious network traffic. Given the potential for such a scenario, the team acted proactively and employed the platform’s safeguards that involved suspension of withdrawal options and migration of funds into cold storage wallets. Cold wallets, which are physical storage devices, were not impacted by the breach. 

BingX was quick to act and managed to reduce the losses incurred. In a statement given by Vivien Lin, the product manager of BingX, the company ensured the safety of assets and took immediate action to safeguard the platform. Lin said, “We activated our emergency measures which included transferring assets and suspending withdrawal services.

Withdrawals have been temporarily disabled as the exchange is still determining the extent of the breach and enhancing its security measures. BingX said that the operations are expected to return to normal within one day after a thorough inspection of the security issues. 

Blockchain Data Reveals Attacker’s Fund Movements

PeckShield, a blockchain security company, was the first to notice a single attacker making away with $13 million from BingX’s hot wallet. Soon after, Web3 security firm De.Fi estimated the losses to be closer to $20 million. Both firms are currently actively engaged with BingX to determine the full extent of the attack.

Additional blockchain data from EtherScan showed that hundreds of thousands of dollars in tokens were moved from a wallet named “BingX 15” to another wallet. This wallet activity indicates that the attackers were able to transfer some of the stolen funds, possibly through the decentralized exchange Kyberswap, in an attempt to wash the tainted assets. 

However, BingX has been keen on protecting the assets of the users even after the breach. The exchange also protected the users by promptly disconnecting the affected hot wallet and moving other tokens to cold storage. 

BingX has also provided an assurance that no customer will lose money in the process since the exchange intends to refund all clients who were impacted by the attack. The company has temporarily suspended withdrawals as a precautionary measure to prevent loss of funds during the process of fortifying the platform’s security. 

The BingX hack is among the most recent hacking incidents that have affected the world of cryptocurrencies within the last few weeks. Earlier this week, DeltaPrime, a decentralized finance protocol on the Arbitrum chain, said it lost $5. 9 million due to possible theft. Last week alone, Indonesia’s Indodax exchange had to face the loss of $20 million due to a similar attack.