BingX, a Singapore-based crypto exchange, has suffered a hack targeting its hot wallets.
The attack affected several blockchains, with Cyvers Alerts estimating a total loss of over $52 million.
BingX Confirms Hot Wallet Hack
The incident was initially detected by blockchain security firm PeckShield, which reported a “suspicious significant fund outflow” from the exchange totaling over $13.5 million in a September 20 post on X. This figure was later revised to $26.7 million as the extent of the exploit became clearer.
The company’s chief product officer, Vivien Lin, addressed the breach in a separate post, stating that at approximately 4 AM Singapore time, their technical team identified abnormal network access, suspecting an attack on their hot wallet.
In response, the Singapore-based exchange initiated an emergency plan, which included the urgent transfer of assets and the suspension of withdrawals.
“To protect user assets, we utilize a layered management system, with the majority stored in cold wallets and only a minimal amount kept in hot wallets for withdrawals,” Lin explained. She reassured users that while withdrawals have been temporarily halted for an emergency inspection, they aim to restore services within 24 hours.
BingX’s official X account added, “Only minor losses so far, and we’ve got it covered,” explaining that most assets remained secure in cold wallets, with only a limited amount impacted in the hot wallet.
Lin reiterated this by stating that the overall loss was “minimal and manageable,” stressing that users’ assets were secure and well-protected under their layered asset management system.
Transparency Concerns
However, the figures coming from on-chain security platforms paint a different picture. PeckShield revealed that in addition to the $26.7 million initially siphoned, another $16.5 million was drained hours later, raising the total estimated losses to over $43 million.
Cyvers Alerts later updated the loss figure, indicating that the total now exceeds $52 million, with most of the stolen assets being swapped. The affected chains include Ethereum, BNB Chain, Base, Optimism, Polygon, Arbitrum, and Avalanche.
According to Etherscan data, an address shared by PeckShield received millions of dollars’ worth of various tokens from multiple blockchains. The source of these transfers was a wallet labeled “BingX 15,” one of the exchange’s hot wallets.
Earlier on the same day, BingX had issued a notice regarding temporary maintenance of its wallet system, warning users that deposits and withdrawals could be delayed.
However, this notice drew criticism from the crypto community. Harrison Leggio, a co-founder of crypto startup g8keep, commented on the exchange’s transparency, asking why, if the situation was just “wallet maintenance,” there was a “minor asset loss.”
He urged users to consider more secure platforms, stating, “If you’re going to use a [centralized exchange], please use a real one that doesn’t play off exploits like this.”