BingX Confirms Security Breach

Crypto exchange BingX has confirmed that it experienced a 'minor asset loss' following the detection of suspicious outflows from one of its hot wallets. According to a post by BingX's Chief Product Officer, Vivien Lin, the incident was identified around 4:00 A.M. Singapore time on September 20.

Estimations and Immediate Actions

Blockchain security firm Cyvers estimates the breach resulted in losses exceeding $52 million. Most of the stolen assets have already been swapped.

The affected chains include Ethereum, ** Binance Smart Chain, ** Base, Optimism, Polygon, ** Arbitrum, and Avalanche.

Following the breach, Lin announced that BingX temporarily halted withdrawals to conduct an 'emergency inspection' and strengthen its wallet security. She reassured users that withdrawals would resume within 24 hours.

"To ensure security, withdrawals have been temporarily suspended while we conduct an emergency inspection and strengthen wallet services. We sincerely apologize for the inconvenience. Withdrawals will be restored within 24 hours at the latest," Lin stated.

Hacker Tactics and Attribution

Hakan Unal, Senior Security Operations Lead at Cyvers, told CryptoSlate that the attacker's rapid asset-swapping techniques are similar to those used by North Korea-backed malicious actors.

Unal explained, 'This hacker's behavior—using multiple wallets to swap altcoins into ETH and BNB before consolidating—is consistent with the tactics we've seen in past Lazarus operations.'

Assurance and Compensation

Lin also highlighted the exchange's layered management system, which keeps most assets in cold wallets and leaves only a tiny portion in hot wallets for withdrawals.

In a separate statement, she assured users that BingX would 'fully compensate' for any losses from its capital while emphasizing that user assets remained secure.

Trends and Recent Attacks

This incident underscores the growing trend of hackers targeting centralized exchanges (CEXs). Earlier this year, blockchain security firm Chainalysis reported a resurgence in attacks on CEXs, shifting attention away from DeFi platforms.

Recent examples include the $305 million hack on Japan's DMM Bitcoin platform and the $235 million breach of India's WazirX exchange in July. Indonesia's Indodax exchange also saw around $20 million in losses following a recent attack.

Security experts have linked these hacks to North Korean actors, who are believed to have stolen over $3 billion in digital assets over the past seven years.