BingX cryptocurrency exchange hit by security breach, $20 million stolen

BingX, a Singapore-based cryptocurrency exchange, reports a security breach that compromised its hot wallet on September 20th 2024.

BingX’s engineering team at 4:00 AM Singapore time, with PeckShield later identifying suspicious withdrawals. Hackers transferred assets from a BingX hot wallet (labeled "BingX 15") to another address. The hackers moved the stolen funds through Kyberswap (a platform for mixing crypto funds in order to lose the source of the funds), indicating efforts to launder the funds.

BingX initiated its emergency response plan, suspending withdrawals, transferring assets, and securing most funds in cold wallets.

The nature of the attack is not disclosed, nor the number of affected individuals.

PeckShield reported over $13 million in suspicious withdrawals, while De.Fi estimated total losses at around $20 million. Withdrawals have been temporarily suspended but are expected to resume within 24 hours after wallet service improvements are completed.

Update - as of 21st of September, BingX reports that they investigated the incident with the help of blockchain security firm SlowMist and concluded that the amount of stolen funds is more than $47M worth of crypto cryptocurrency.

BingX has assured users that it will fully reimburse any losses incurred using its own funds.