Singapore crypto exchange BingX suffers hot wallet exploit, more than $52 million allegedly stolen

BingX, a crypto exchange based in Singapore, has suffered a hack targeting its hot wallets.

The attack affected several blockchains, with Cyvers Alerts estimating a total loss of more than $52 million.

BingX Confirms Hot Wallet Hack

The incident was initially detected by blockchain security firm PeckShield, which reported a “suspicious significant outflow of funds” from the exchange totaling more than $13.5 million in a post on 20 from September to X. This figure was later revised to $26.7 million as the extent of the exploitation became clearer.

The company’s chief product officer, Vivien Lin, addressed the breach in a separate post, stating that at approximately 4 a.m. Singapore time, its technical team identified abnormal network access, suspecting ‘an attack on his hot wallet.

In response, the Singapore-based exchange initiated an emergency plan, which included the urgent transfer of assets and the suspension of withdrawals.

“To protect users’ assets, we use a layered management system, with the majority stored in cold wallets and only a minimal amount kept in hot wallets for withdrawals,” Lin explained. It assured users that while withdrawals have been temporarily halted for an emergency inspection, they aim to restore services within 24 hours.

BingX’s official X account added, “There are only minor losses so far, and we’ve covered it,” explaining that most assets were kept safe in cold wallets, with only a limited amount affected in the hot wallet.

Lin reiterated this by stating that the overall loss was “minimal and manageable”, stressing that users’ assets were safe and well protected under its layered asset management system.

Transparency concerns

However, the figures from on-chain security platforms paint a different picture. PeckShield revealed that in addition to the $26.7 million initially diverted, another $16.5 million was drained hours later, bringing the total estimated losses to more than $43 million.

Cyvers Alerts later updated the loss figure, stating that the total now exceeds $52 million, with most of the stolen assets exchanged. Affected chains include Ethereum, BNBChain, BASE, Optimism, Polygon, Arbitrum, and Avalanche.

According to EtherScan data, an address shared by PeckShield received multiple tokens worth millions of dollars from multiple blockchains. The source of these transfers was a wallet labeled “BingX 15”, one of the popular wallets on the exchange.

On the same day, BingX had issued a notice regarding the temporary maintenance of its wallet system, warning users that deposits and withdrawals may be delayed.

However, this warning received criticism from the crypto community. Harrison Leggio, co-founder of crypto startup g8keep, commented on its transparency and wondered if the situation was just “wallet maintenance,” then why is there a “minor loss of assets?”

He urged users to consider more secure platforms, stating: “If you use a (centralized exchange), use a real one that doesn’t use exploits like this.”

SPECIAL OFFER (Sponsored) Binance Free $600 (Exclusive to CryptoPotato): Use this link to register a new account and receive an exclusive welcome offer of $600 to Binance (full details).

2024 LIMITED OFFER on BYDFi Exchange – Up to $2888 Welcome Reward, Use this link to register and open a 100 USDT-M position for free!