
Inside the $44.7M BingX Exploit: What Went Wrong?

Published on: October 10, 2024 (7 Mins Read)

Author: QuillAudits Team

Overview

On September 19th, BingX, a prominent centralised cryptocurrency exchange, suffered a significant security breach, leading to the loss of $44.7 million from its hot wallets.

The attack was orchestrated by a highly sophisticated hacking group that swiftly transferred the stolen funds across various blockchain networks, making it more challenging to trace and recover the assets.



About Project

BingX is a leading cryptocurrency exchange, serving over 10 million users worldwide. BingX offers diversified products and services, including spot, derivatives, copy trading, and asset management – all designed for the evolving needs of users, from beginners to professionals. BingX is committed to providing a trustworthy platform that empowers users with innovative tools and features to elevate their trading proficiency.



Exploit Details

Drained BingX wallet addresses:

0x6c69fa64EC451b1Bc5b5FBAa56CF648a281634Be
0xa88f86E5685FCa7C5D6de0e4D944875b007137b5

Attackers' addresses (on Ethereum chain):

0xF7e8033366166f92eb477B7B38e0D47d47b43326
0x940362B46faf7DF48Af1c8989d809F50466B5fCA
0x719981cf7D1a1dC681a1cf0C6B1eeeE090D0FEd6
0x1dd7daf089c16856155fefd7e2170966bb6b3aee
0xf26e64ef4300ca027d2ffedd7d765d7a3906091c
0xb77A4A9678315775C4ba89F18f84f87538E748F5
0xCFc14fa81226074036622976D95897fF84b58d66

Attackers' addresses (on BNB chain):

0xb0146aec3593410c8307b570af69adf4d74678b3
0x940362b46faf7df48af1c8989d809f50466b5fca
0x1dd7daf089c16856155fefd7e2170966bb6b3aee

 

Attack Process

  1. On September 19th, hackers gained unauthorised access to BingX’s hot wallets, which held significant amounts of customer funds.
     
  2. BingX detected "abnormal network access" at approximately 4 AM Singapore time, indicating the onset of the breach.
     
  3. The attackers used multiple blockchain networks to siphon funds from the compromised wallets.
     
  4. A series of wallet addresses across Ethereum, BNB Chain, and Polygon was used to move the stolen assets.
     
  5. The hackers swapped various altcoins into more liquid assets such as ETH and BNB before consolidating the funds, demonstrating a well-coordinated approach.
     
  6. The total amount stolen was later confirmed to be $44.7 million, with multiple confirmed exploiter addresses linked to the hack.
     

The Root Cause

The root cause of the security breach at BingX was likely related to unauthorized access to the exchange's hot wallet. Since hot wallets are connected to the internet, they are more vulnerable to cyberattacks.

In this case, the attackers were able to gain abnormal access to the hot wallet, which enabled them to steal assets worth $43 million. The breach highlights potential weaknesses in the exchange’s security measures protecting the hot wallet, despite the majority of assets being stored securely in cold wallets.



Flow of Funds

The attacker utilised cross-chain strategies to obscure the funds' trail, moving them across multiple blockchains to evade detection.


 

Post Exploit Scenes

Here is what @BingXOfficial responded to the exploit.

BingX detected abnormal network access, suspecting a hack on their hot wallet. They initiated an emergency response, including asset transfers and withdrawal suspensions. While there was minor asset loss, it's being calculated. Most assets are safe in cold wallets. Withdrawals are paused for security checks but will resume within 24 hours. BingX apologizes for the inconvenience and is preparing a compensation plan.

Response from Vivien Lin after the exploit: The majority of chains have restored deposit and withdrawal services, with over 700 tokens recovered. Operations have returned to normal, and efforts will continue to optimize the platform for stability and security. Thank you for your support and trust!

 

How could they have prevented the Exploit?

  1. Keeping the majority of customer funds in cold storage, which is not connected to the internet, can significantly reduce the risk of unauthorised access. Only a small, necessary amount should be kept in hot wallets for daily operations.
     
  2. Implementing multi-signature wallets, which require multiple private keys to authorise a transaction, makes it harder for a single point of failure to lead to significant losses.
     
  3. Conducting regular security audits by reputable third-party firms like QuillAudits can help identify vulnerabilities in the system. This includes reviewing smart contracts, wallet security, and overall infrastructure.
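
The first two controls above can be sketched as a withdrawal policy gate in front of a hot wallet: a rolling-window outflow cap that trips a circuit breaker, plus an approval quorum for large transfers. This is an added example, not BingX's or QuillAudits' code; the record shape, thresholds and operator names are assumptions, and counting distinct approvers stands in for the signature verification a real multi-signature wallet performs.

```python
from collections import deque
from dataclasses import dataclass, field

@dataclass
class Withdrawal:            # constructed record shape, not an exchange API
    ts: int                  # unix seconds
    usd: float               # value of the transfer in USD
    approvers: frozenset     # distinct operator IDs that signed off

@dataclass
class HotWalletGate:
    window_s: int = 3600                # rolling window length (assumed)
    window_cap_usd: float = 500_000     # max outflow per window (assumed)
    quorum_over_usd: float = 50_000     # above this, require a quorum (assumed)
    quorum: int = 2                     # approvals needed, the m in m-of-n
    halted: bool = False
    _recent: deque = field(default_factory=deque)

    def check(self, w: Withdrawal) -> str:
        if self.halted:
            return "HALTED"
        # Drop outflows that have aged out of the rolling window.
        while self._recent and self._recent[0][0] <= w.ts - self.window_s:
            self._recent.popleft()
        if w.usd > self.quorum_over_usd and len(w.approvers) < self.quorum:
            return "NEED_QUORUM"
        spent = sum(usd for _, usd in self._recent)
        if spent + w.usd > self.window_cap_usd:
            # Circuit breaker: stop all withdrawals until a human resets it.
            self.halted = True
            return "HALTED"
        self._recent.append((w.ts, w.usd))
        return "ALLOW"

def replay(requests):
    gate = HotWalletGate()
    return [gate.check(w) for w in requests]

# Constructed sample: normal traffic, then a burst resembling a drain.
SAMPLE = [
    Withdrawal(0, 1_200, frozenset({"svc"})),
    Withdrawal(60, 80_000, frozenset({"svc"})),             # large, one approver
    Withdrawal(120, 80_000, frozenset({"alice", "bob"})),   # large, quorum met
    Withdrawal(180, 200_000, frozenset({"alice", "bob"})),
    Withdrawal(240, 250_000, frozenset({"alice", "bob"})),  # breaches window cap
    Withdrawal(300, 100, frozenset({"svc"})),               # blocked: halted
]

if __name__ == "__main__":
    for w, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(w.ts, w.usd, verdict)
```

Once the window cap is breached the gate stays halted even for small requests, so the loss from a compromised signing path is bounded by one window's cap rather than the full hot-wallet balance.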
     

Secure Your Smart Contracts with QuillAudits

Ready to secure your smart contracts? Take the first step towards a safer blockchain journey. Request an Audit with QuillAudits today & ensure your contracts are robust and secure!


Why QuillAudits?

Choosing a reputable audit firm like QuillAudits ensures that your protocol undergoes rigorous scrutiny from experienced security professionals. QuillAudits specializes in uncovering critical vulnerabilities and providing actionable remediation strategies. Our expertise helps safeguard your project from attacks, ensuring that security issues are addressed proactively.

 


QuillAudits Team

The QuillAudits team, comprising expert security researchers and auditors in Web3 security, has completed 1,000+ audits across Ethereum, Polygon, Solana, Arbitrum, BSC, and more, securing $30B+ with 0 exploits and advancing the blockchain ecosystem.
