BingX Confirms Hot Wallet Hack, But Transparency Concerns Arise as On-Chain Data Shows Losses Exceed $52M

BingX, a Singapore-based crypto exchange, has suffered a hack targeting its hot wallets. The attack affected several blockchains, with Cyvers Alerts estimating a total loss of over $52 million.

Crypto exchange BingX has confirmed that its hot wallets were hacked on September 20, leading to the theft of a significant amount of digital assets.

The incident was first reported by blockchain security firm PeckShield, which detected a “suspicious significant fund outflow” from the exchange, totaling over $13.5 million. This figure was later revised to $26.7 million as the extent of the exploit became clearer.

According to the company’s chief product officer, Vivien Lin, their technical team identified abnormal network access at around 4 AM Singapore time, suggesting an attack on their hot wallet.

In response, the exchange initiated an emergency plan, which included the urgent transfer of assets and the suspension of withdrawals.

“To protect user assets, we utilize a layered management system, with the majority stored in cold wallets and only a minimal amount kept in hot wallets for withdrawals,” Lin explained. She reassured users that while withdrawals have been temporarily halted for an emergency inspection, they aim to restore services within 24 hours.

BingX’s official X account added, “Only minor losses so far, and we’ve got it covered,” explaining that most assets remained secure in cold wallets, with only a limited amount impacted in the hot wallet.

Lin reiterated this by stating that the overall loss was “minimal and manageable,” stressing that users’ assets were secure and well-protected under their layered asset management system.

However, the figures coming from on-chain security platforms tell a different story. PeckShield revealed that in addition to the $26.7 million initially siphoned, another $16.5 million was drained hours later, raising the total estimated losses to over $43 million.

Cyvers Alerts later updated the loss figure, indicating that the total now exceeds $52 million, with most of the stolen assets being swapped. The affected chains include Ethereum, BNBChain, BASE, Optimism, Polygon, Arbitrum, and Avalanche.

According to EtherScan data, an address shared by PeckShield received millions of dollars worth of various tokens from multiple blockchains. The source of these transfers was a wallet labeled “BingX 15,” one of the exchange’s hot wallets.

Earlier on the same day, BingX had issued a notice regarding temporary maintenance of its wallet system, warning users that deposits and withdrawals could be delayed.

This notice, however, drew criticism from the crypto community, with some questioning the exchange’s transparency in light of the hack.

Harrison Leggio, a co-founder of crypto startup g8keep, commented on the exchange’s use of the term “wallet maintenance” to describe the incident.

“If this was just ‘wallet maintenance,’ then why is there a ‘minor asset loss?'” Leggio asked. He went on to advise users to consider using more secure platforms.

“If you’re going to use a [centralized exchange], please use a real one that doesn’t play off exploits like this,” he added.

The above is the detailed content of BingX Confirms Hot Wallet Hack, But Transparency Concerns Arise as On-Chain Data Shows Losses Exceed $52M. For more information, please follow other related articles on the PHP Chinese website!