Key Takeaways
On Sept 20, crypto exchange BingX suffered a devastating cyber attack. Hackers exploited a vulnerability in its hot wallet system to steal over $43 million in digital assets.
The breach sparked widespread concerns about the security of digital asset exchanges and their vulnerability to large-scale theft, leaving users reeling.
In the aftermath, BingX officials pledged to fully refund all affected users, but the company’s response has drawn criticism from some quarters.
Blockchain security firm PeckShield was the first to raise the alarm , reporting the stolen funds at around $13.5 million. However, it later revised the estimate upwards, stating that the stolen funds amount to $43 million.
Hours later, BingX’s Chief Product Officer, Vivien Lin, confirmed the breach , revealing that the exchange’s hot wallet had been compromised.
This prompted the company to halt withdrawals while it investigated the incident. Withdrawals are expected to resume within 24 hours.
The stolen assets primarily originated from Ethereum and BNB Chain, with the hacker quickly converting the majority into 4,526 ETH and 7,864.7 BNB.
Additionally, a separate transaction happened around 7 hours prior, where the wallet address 0x940362B46faf7DF48Af1c8989d809F50466B5fCA drained around $16.5 million worth of cryptocurrencies from BingX.
These stolen funds, comprising 5,300 ETH, 4,100 BNB, and 1.65 million MATIC, are currently parked at the wallet address 0x1Dd7dAf089C16856155FeFd7e2170966bb6b3AEE.
BingX has pledged to reimburse users for all losses incurred in the security breach.
The exchange emphasized that the stolen funds were a minimal portion of its total assets and would not disrupt its operations.
“The total loss is minimal and manageable. This incident will not affect our ongoing business operations. Trading services continue as usual. Withdrawals and deposits are temporarily delayed and are expected to be restored within 24 hours at the latest,” added Lin.
“Users’ assets are safe and well-protected under our layered asset management architecture. BingX will fully compensate for the loss with our own capital,” she said.
Following the BingX hack, users expressed frustration over the exchange’s communication and handling of the incident.
Some users reported being banned from BingX’s Discord channel for questioning the security breach or sharing related content.
Under Lin’s X post, LTDBrandon wrote: “BingX banned me from Discord for asking about the hot wallets being drained and for posting a gif lol. Going to be deleting my BingX account once I get my money out of there.”
Additionally, users criticized BingX for downplaying the financial impact of the attack. While the exchange claimed minimal losses, independent reports estimated the stolen funds to exceed $43 million.
Despite these criticisms, some users praised BingX for its swift response and commitment to reimbursing affected customers. They contrasted this approach with other exchanges, such as WazirX, which has confirmed that full user reimbursement is highly unlikely.