- BingX was hacked in the early hours of Friday, September 20, resulting in the theft of cryptocurrency worth approximately $43 million from the exchange’s hot wallets.
- The attacker stole ETH, BNB, USDT, and more than 300 additional coins and tokens.
- On-chain data indicates the attacker quickly swapped most of the stolen assets into Ethereum and BNB.
Singapore-based crypto exchange BingX suffered a security breach that led to roughly $43 million being drained from its hot wallets. Blockchain security firm PeckShield reported the incident early on Friday.
According to Etherscan data, of the $43 million taken, more than $13.2 million was in ETH, over $2.3 million in BNB, and more than $4.4 million in USDT.
The attacker also withdrew about 360 other tokens from BingX’s hot wallets. Many of these assets were swapped for ETH and BNB on decentralized exchanges such as Uniswap and KyberSwap.
BingX pauses withdrawals
Vivien Lin, CEO of BingX, confirmed the incident in an update posted on X. Lin said the exchange’s technical team detected the intrusion at around 4:00 a.m. on September 20 and observed what they described as “abnormal network access.”
BingX’s security team immediately activated the platform’s emergency response plan, moving assets out of hot wallets and suspending withdrawals. “To ensure security, we are conducting urgent inspections and strengthening wallet services. Withdrawals are temporarily suspended during this time. We sincerely apologize for the inconvenience,” Lin said.
“Withdrawals will be restored within 24 hours at the latest,” she added, reassuring users that the exchange remains secure.
Q3: Is the platform still safe?
Answer: The platform is operating normally, and you can continue trading, using grid strategies, and financial services as usual. Only the wallet is currently under maintenance. Your funds are safe, so please be patient while the wallet…— Vivien Lin @ BingX (@Vivien_BingX) September 20, 2024
BingX indicated the losses were “limited” and confirmed that most user funds are stored in cold wallets. One of the largest exchange hacks of 2024 occurred in July, when attackers stole more than $230 million from India-based exchange WazirX.
The attacker in the BingX incident appears to have laundered a large portion of the stolen funds, including a reported transfer of approximately $6.5 million to Tornado Cash.