BingX Crypto Platform Experiences $43 Million Security Breach, Progressively Restarts Operations with Pledge to Reimburse Affected Customers

The crypto exchange based in Singapore experienced a security compromise, leading to a theft totaling $43 million, with the majority of the illicitly acquired funds being quickly exchanged for cryptocurrencies ETH and BNB.

BingX announced via X platform on Friday that they detected unauthorized access to their hot wallet, which might indicate a cyber attack. The loss was reported as relatively small since the bulk of their assets were secured in cold storage, and BingX has committed to indemnifying affected users.

“As a safeguard, we have increased the time for recharges & withdrawals while enhancing security measures. Transactions will be processed within 24 hours. We apologize for any inconvenience and thank you for your patience,” BingX added.

BingX declared plans for the phased reinstatement of withdrawal services. The updates include the reactivation of withdrawals over the BSC network for well-known currencies like USDT, USDC, BTC, ETH, TRX, and SOL, as well as the anticipated functionality for USDT withdrawals via the TRC20 network by September 21, 08:30 (UTC+8). Nonetheless, due to additional security checks, some withdrawals may experience delays.

Over the next 1-2 weeks, BingX intends to “methodically restore withdrawals” for additional cryptocurrencies and resume deposit services, though no precise schedules have been confirmed thus far.

Beyond stablecoins, the hackers made off with more than 360 varieties of altcoins. As recorded by Etherscan, a large portion of these cryptocurrencies were traded for ETH and BNB across DEX platforms, such as Uniswap and Kyberswap.

BingX hack – Event Summary

Blockchain security firm PeckSheild notified the public of the breach which caused a $43 million loss predominantly in Ethereum and BNB Chain. Initial estimates put the damage at $26.8 million, but it later reached $16.5 million in various cryptocurrencies taken from the hot wallet. The incident involved thievery of 4.1K BNB, 5.3K ETH, and 1.65M Matic with the hacker promptly exchanging the loot for approximately 7,864.7 $BNB and 4,526 $ETH.

Vivien Lin, the Chief Product Officer at BingX communicated that withdrawals are temporarily on hold, reassuring users that BingX will recompense the affected with company reserves. “We have sufficient capital to cover the minimal and under control losses. Our business operations will not be impacted by this event. Trading activities are still ongoing,” she stated.

Subsequently, BingX issued a notice of temporary wallet maintenance update, indicating a 24-hour maintenance period and a commitment to inform users upon completion. Nonetheless, in a September 20 X piece, Harrison Leggio, co-founder of crypto firm g8keep (aka “Pop Punk”), criticized BingX’s transparency regarding the situation.

He questioned, “Is this ‘wallet maintenance’ or are your wallets being drained?” He also cautioned, “If it’s a CEX you’re using, opt for one that doesn’t settle exploits in such manners.” In light of these events, Keystone, a company specializing in hardware wallets, advised BingX clients to transfer their funds to cold hardware wallets to diminish risks associated with hot wallets.

Growing Security Concerns for Cryptocurrency Exchanges

The recent series of incidents has underscored the vulnerability of crypto exchange platforms, with two notable events emphasizing their security gaps.

A hacker intrusion occurred last week at the cryptocurrency exchange Indodax, leading to a $20 million loss of digital assets. PeckShield, Cyvers, and SlowMist, all blockchain security watchdogs, reported the breach which affected Indodax’s hot wallets, taking a substantial amount of BTC, ETH, TRX, POL, SHIB, and other tokens.

More recently, there was a sequence of unusual transactions on WazirX, an established Indian exchange, which resulted in a staggering $234 million being siphoned from the platform. Cyvers, a Web3 security company, was first to notice suspicious activity starting from WazirX’s Safe Multisig Ethereum wallet. The exchange quickly stopped all transactions and announced that users would be allowed to withdraw only a third of their available INR balance.