Further investigations suggest that some of the stolen funds have been moved through the decentralized exchange Kyberswap.
Singapore-based crypto exchange BingX has told its users that there has been a security breach on its platform. While this is the reality that the platform currently has to deal with, BingX has confirmed that it will fully refund all affected users. This is to ensure that no customer suffers financial loss due to the incident.
The breach, which occurred on September 20, 2024, led to minor losses in the company’s hot wallet.
BingX Breach: Quick Response Limits Impact
At around 4:00 AM Singapore time, BingX’s engineering team noticed unusual network activity, which typically indicates a potential security incident. This activity surge was quickly met with decisive action as the team moved to safeguard the remaining assets and conduct a thorough investigation. According to Vivien Lin, BingX’s product manager, the exchange took no chances and immediately activated its emergency protocols. Lin’s statement reads:
“We immediately started our emergency plan, including the urgent transfer of assets and the suspension of withdrawals.”
Expectedly, the timely action was enough to limit the damage caused by the attack. That is, as the bulk of users’ assets remained secure in cold wallets. Cold wallets, unlike hot wallets, are not connected to the internet and are therefore less susceptible to hacks.
As earlier mentioned, BingX has temporarily halted all withdrawals. However, the move is merely a precaution as it seeks to conduct extensive security checks to confirm the full extent of the breach. This period will also afford the exchange the opportunity to improve its wallet services.
Overall, the exchange expects withdrawals to resume within 24 hours. That is, after the enhancements must have been completed.
PeckShield and De.Fi Uncover the Scale of the Breach
For what it’s worth, blockchain security firm PeckShield was the first to report the attack. The firm identified suspicious transactions involving over $13 million in withdrawals from a BingX hot wallet. Shortly after, Web3 security firm De.Fi gave bigger estimates, claiming that the loss actually ran into amounts nearing $20 million.
Meanwhile, data from EtherScan also showed that millions of dollars worth of tokens were transferred from a BingX hot wallet, labeled “BingX 15”, to another address.
Further investigations also suggest that some of the stolen funds have been moved through the decentralized exchange Kyberswap. A move, which is nothing but a pointer to the fact that the hackers are attempting to quickly launder the stolen assets.
next