Pierluigi Paganini
September 21, 2024
Singaporean crypto platform BingX reported a cyberattack on Friday. Threat actors stole over $44 million worth of cryptocurrency. The crypto platform discovered unauthorized transfers of funds on Thursday night, shortly before BingX announced a shutdown for “wallet maintenance” on social media.
[
— BingX (@BingXOfficial) September 20, 2024Temporary Wallet Maintenance Notice]
■ Schedule: ~24 hours
■ When maintenance is done, we will announce it through a notice.
We sincerely apologize for any inconvenience this may cause and appreciate your patience.
Learn more: https://t.co/Tx8PE6H76Q
In a post, the company said it detected abnormal network activity on September 20, 2024, at around 04:00 (UTC+8), indicating a potential hack targeting their hot wallet. BingX immediately responded to the incident, secured its asset transferring to a cold wallet and temporarily suspended the withdrawals. While there was a minor asset loss, the exact amount is still being calculated.
“On 2024-09-20 at around 04:00 (UTC+8), our technical team detected abnormal network access, potentially indicating a hacker attack on BingX’s hot wallet. We immediately implemented emergency measures, including urgent transfer of assets and a temporary suspension of withdrawals. There has been minor asset loss, but the amount is small and is currently being calculated.” reported the company.
“To safeguard user assets, we have always used a tiered asset management system. The majority of assets are stored in cold wallets, while only a small amount is kept in hot wallets to meet withdrawal demands. The crediting time for deposits and withdrawals will be extended as we conduct urgent inspections and strengthen our wallet services to ensure asset security. We sincerely apologize for any inconvenience caused. Withdrawals will be processed within 24 hours.”
The company investigated the incident with the help of blockchain security firm SlowMist and determined that hackers stole more than $47M worth of crypto cryptocurrency.
2/ Below are the details of the losses compiled by the SlowMist Team.
— SlowMist (@SlowMist_Team) September 20, 2024
(Note: Please refer to the official announcement of @BingXOfficial for the exact amount of losses and further details.)
https://t.co/33BnzASSpi pic.twitter.com/1qZsn3d9N5
BingX chief product officer Vivien Lin wrote on X that the incident did not disrupt operations and remarked that the company covered the losses with its reserves.
This morning, BingX just experienced hacker attack. In this incident, BingX's technical emergency response capabilities were fully demonstrated. While the attack did not affect our platform’s operations and the loss is within our capital reserves, it highlights ongoing security… https://t.co/h7fviIiDUb
— Vivien Lin @ BingX (@Vivien_BingX) September 20, 2024
In the first half of 2024, the amount of cryptocurrency stolen in hacks more than doubled compared to the same period in 2023, largely due to a few large attacks and rising crypto prices, according to blockchain researchers TRM Labs. By June 24, 2024, over $1.38 billion worth of crypto had been stolen, up from $657 million the previous year. Additionally, the median theft size increased by one-and-a-half times from 2023.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, cybercrime)
