BingX, a Singapore-based cryptocurrency exchange suffered a major security breach, losing $44 million on September 20th 2024 due to a vulnerability in their hot wallets.
Behind the Breach
The breach occurred when hackers gained unauthorised access to BingX's hot wallets, exploiting a vulnerability that allowed them to drain assets across multiple chains. These assets were primarily in Ethereum, BNB, and stablecoins like USDT. The hackers employed typical laundering tactics, converting stolen funds into native tokens such as ETH and BNB, making them harder to track. While BingX initially described the losses as “minor,” further investigation confirmed the loss exceeded $44 million.
Lessons from the Incident
This hack underscores the inherent risks of relying on hot wallets for storing large amounts of digital assets. To mitigate such vulnerabilities, exchanges should adopt more robust security measures, such as multi-signature authentication for large withdrawals and enhanced real-time monitoring of wallet activities.
Rivanorth is a boutique Web3 cybersecurity company. We specialise in smart contract audits and 360 degree security services for Web3. Visit rivanorth.com to find out more.
You build the future. We help you secure it.