BingX Hack Overview
On September 20, 2024, the Singapore-based cryptocurrency exchange BingX experienced a significant security breach that resulted in the theft of digital assets estimated to be over $52 million. The incident was characterized by abnormal withdrawals from its hot wallet, which led to immediate concerns about a cyberattack. Initially, the loss was reported at around $26 million but later assessments revealed that the total amount stolen had increased as more affected wallets were identified.
Details of the Breach
The hack primarily targeted Ethereum and Binance Coin (BNB) assets, with hackers draining various cryptocurrencies including Tether (USDT) and over 360 different types of altcoins. According to blockchain security firm PeckShield, the stolen funds included approximately 4.1K BNB, 5.3K ETH, and 1.65M Matic tokens. The attackers quickly converted most of these stolen assets into ETH and BNB through decentralized exchanges like Uniswap and Kyberswap.
Response from BingX
In response to the hack, BingX temporarily halted all withdrawal services while it conducted a thorough investigation and implemented enhanced security measures. The company’s chief product officer, Vivien Lin, reassured users that all losses would be compensated using BingX’s own capital, emphasizing that the overall impact on business operations would be minimal due to most user funds being secured in cold storage.
BingX announced plans to gradually resume withdrawal services starting on September 21 for certain digital assets such as USDT, USDC, BTC, ETH, TRX, and SOL. However, some delays were expected as ongoing security reviews continued.
Security Context
The breach at BingX is part of a broader trend of increasing cyberattacks targeting centralized cryptocurrency exchanges in Asia. Other notable incidents include hacks on Indonesian exchange Indodax and Indian exchange WazirX earlier in 2024. Security experts have attributed many of these attacks to organized groups such as North Korea’s state-backed Lazarus Group.
Overall, while BingX has committed to compensating affected users and enhancing its security protocols following this incident, it underscores the persistent vulnerabilities within centralized cryptocurrency platforms.