As an analyst with over two decades of experience in the finance industry, I have seen my fair share of cyberattacks and security breaches. The recent hack on BingX, a Singapore-based crypto exchange, is yet another stark reminder of the vulnerabilities that exist within the digital asset ecosystem.


BingX, a Singapore-based crypto exchange, has suffered a hack targeting its hot wallets.

Multiple blockchain networks experienced an impact, as per Cybers Alerts’ assessment, resulting in a combined estimated loss exceeding $52 million.

BingX Confirms Hot Wallet Hack

The security firm PeckShield first noticed an unusual large withdrawal of funds, amounting to approximately $13.5 million, from the exchange, as they reported in a post on X on September 20th. As more details emerged about the incident, this initial figure was subsequently updated to $26.7 million, reflecting the full extent of the breach.

In a different message, the company’s head of product, Vivien Lin, spoke about a security issue. She explained that around 4 AM in Singapore, the tech team detected unusual network activity, leading them to believe there might have been an attack on one of their digital wallets.

As a crypto investor, I found myself in a situation where the Singapore-based exchange took swift action, implementing an emergency protocol. This involved promptly moving my assets and temporarily halting withdrawal options to ensure the safety and security of everyone’s investments during this challenging time.

Lin mentioned that we safeguard user funds by using a multi-tier security system, where most assets are kept in offline or ‘cold’ wallets, and just a small portion is accessible in online or ‘hot’ wallets for transactions. She assured users that although withdrawals have been temporarily paused due to an urgent review, they plan to resume operations within a day.

As an analyst, I’d rephrase it as follows: “So far, our platform BingX has experienced minimal losses, which we are confident to manage effectively. The majority of our assets remain safeguarded in cold storage, while a small portion has been affected in our hot wallet.

Lin emphasized once more that the total loss was “small enough to handle” and highlighted that the security of users’ assets was robust and assured through their multi-layered asset protection system.

Transparency Concerns

On the other hand, data from blockchain security providers presents a contrasting image. PeckShield has disclosed that not only was the initial $26.7 million stolen, but an additional $16.5 million was taken later on, pushing the estimated total losses above $43 million.

Cyvers Alerts revised their initial estimate, revealing that the overall loss has surpassed $52 million. A significant portion of the misappropriated assets were traded or exchanged. The impacted blockchain networks encompass Ethereum, BNB Smart Chain, BASE, Optimism, Polygon, Arbitrum, and Avalanche.

Based on information from EtherScan, it’s been found that an address associated with PeckShield has received millions of dollars’ worth of various tokens from several blockchains. These transfers originated from a wallet identified as “BingX 15,” which is known to be one of the exchange’s active wallets.

On the very same day, BingX had alerted its users about a scheduled upkeep of their wallet system, advising that transactions like deposits and withdrawals might experience delays.

Nevertheless, this announcement drew flak from the cryptocurrency sector. Harrison Leggio, a co-founder of crypto venture g8keep, expressed concerns about the company’s transparency, suggesting that if the issue was merely wallet maintenance, it seemed unusual that there would be any “minor asset loss.

He urged users to consider more secure platforms, stating, “If you’re going to use a [centralized exchange], please use a real one that doesn’t play off exploits like this.”

Read More

2024-09-20 11:02