On September 19th, BingX, a prominent centralised cryptocurrency exchange, suffered a significant security breach, leading to the loss of $44.7 million from its hot wallets.
The attack was orchestrated by a highly sophisticated hacking group that swiftly transferred the stolen funds across various blockchain networks, making it more challenging to trace and recover the assets.
BingX is a leading cryptocurrency exchange, serving over 10 million users worldwide. BingX offers diversified products and services, including spot, derivatives, copy trading, and asset management – all designed for the evolving needs of users, from beginners to professionals. BingX is committed to providing a trustworthy platform that empowers users with innovative tools and features to elevate their trading proficiency.
Drained BingX wallet addresses: 0x6c69fa64EC451b1Bc5b5FBAa56CF648a281634Be 0xa88f86E5685FCa7C5D6de0e4D944875b007137b5
Attackers' addresses (On Ethereum Chain) 0xF7e8033366166f92eb477B7B38e0D47d47b43326 0x940362B46faf7DF48Af1c8989d809F50466B5fCA 0x719981cf7D1a1dC681a1cf0C6B1eeeE090D0FEd6 0x1dd7daf089c16856155fefd7e2170966bb6b3aee 0xf26e64ef4300ca027d2ffedd7d765d7a3906091c 0xb77A4A9678315775C4ba89F18f84f87538E748F5 0xCFc14fa81226074036622976D95897fF84b58d66
(On BNB chain) 0xb0146aec3593410c8307b570af69adf4d74678b3 0x940362b46faf7df48af1c8989d809f50466b5fca 0x1dd7daf089c16856155fefd7e2170966bb6b3aee
The root cause of the security breach at BingX was likely related to unauthorized access to the exchange's hot wallet. Since hot wallets are connected to the internet, they are more vulnerable to cyberattacks.
In this case, the attackers were able to gain abnormal access to the hot wallet, which enabled them to steal assets worth $43 million. The breach highlights potential weaknesses in the exchange’s security measures protecting the hot wallet, despite the majority of assets being stored securely in cold wallets.
The attacker utilised cross-chain strategies to obscure the funds' trail, moving them across multiple blockchains to evade detection
.
Here is what @BingXOfficial responded to the exploit.
BingX detected abnormal network access, suspecting a hack on their hot wallet. They initiated an emergency response, including asset transfers and withdrawal suspensions. While there was minor asset loss, it's being calculated. Most assets are safe in cold wallets. Withdrawals are paused for security checks but will resume within 24 hours. BingX apologizes for the inconvenience and is preparing a compensation plan.
Response from Vivien Lin
after the exploit: The majority of chains have restored deposit and withdrawal services, with over 700 tokens recovered. Operations have returned to normal, and efforts will continue to optimize the platform for stability and security. Thank you for your support and trust!
Ready to secure your smart contracts? Take the first step towards a safer blockchain journey. Request an Audit with QuillAudits today & ensure your contracts are robust and secure!
Choosing a reputable audit firm like QuillAudits ensures that your protocol undergoes rigorous scrutiny
from experienced security professionals. QuillAudits specializes in uncovering critical vulnerabilities and providing actionable remediation strategies. Our expertise helps safeguard your project from attacks, ensuring that security issues are addressed proactively.
Get Pure Alpha Straight to Your Inbox. Miss this, and you’re missing out.
Insider Secrets - Delivered Right to You. Subscribe now.