BingX Exchange Suffers $52 Million Hot Wallet Breach in Coordinated Multi-Chain Attack

On September 20, 2024, Singapore-based cryptocurrency exchange BingX fell victim to one of the largest centralized exchange hacks of the year, with attackers siphoning over $52 million from its hot wallets across multiple blockchain networks. The breach, detected in the early morning hours Singapore time, underscores the persistent vulnerabilities facing centralized trading platforms despite industry-wide efforts to bolster security infrastructure.

The Exploit Mechanics

Blockchain security firm PeckShield first flagged the incident after detecting suspicious outflows from BingX hot wallets. Initial estimates placed losses at approximately $13.5 million, but as on-chain analysis progressed, the figure ballooned dramatically. PeckShield later revised the total to $26.7 million, and Cyvers Alerts subsequently updated losses to exceed $52 million as the full scope of the attack became apparent.

The attackers targeted hot wallets across at least seven blockchain networks: Ethereum, BNB Chain, BASE, Optimism, Polygon, Arbitrum, and Avalanche. Rather than exploiting a single vulnerability, the hackers executed a coordinated withdrawal, swiftly swapping stolen tokens across decentralized exchanges to obscure the trail of funds. On-chain data from Etherscan confirmed that an address linked to the attackers received millions of dollars in various tokens transferred from a wallet labeled “BingX 15,” one of the exchange’s known hot wallets.

The stolen assets included a mix of major cryptocurrencies and ERC-20 tokens, which were rapidly converted and dispersed across multiple wallets in an apparent laundering effort.

Affected Systems

The breach affected BingX’s hot wallet infrastructure — the online-connected wallets exchanges use to process daily withdrawal requests. BingX Chief Product Officer Vivien Lin confirmed that at approximately 4:00 AM Singapore time, the technical team identified abnormal network access patterns consistent with a targeted attack on their hot wallet systems.

BingX operates a layered asset management system, with the majority of user funds stored in offline cold wallets and only a minimal amount held in hot wallets to facilitate daily operations. This architectural decision likely prevented significantly larger losses, as cold wallet reserves remained untouched throughout the incident.

However, the multi-chain nature of the attack proved particularly damaging. By targeting wallets across seven different networks simultaneously, the attackers maximized their haul before the exchange could respond. The incident prompted immediate suspension of all withdrawal and deposit services as the emergency response team worked to assess the damage and secure remaining assets.

The Mitigation Strategy

Upon detecting the breach, BingX activated its emergency response protocol. The exchange immediately halted all withdrawals and began an urgent transfer of remaining hot wallet assets to secure cold storage. Lin publicly reassured users that the losses were “minimal and manageable” under the exchange’s layered management system.

Within 24 hours, BingX announced plans to resume withdrawal services, though the timeline drew criticism from security researchers who noted that full incident assessment typically requires more thorough investigation. The exchange committed to covering all user losses from its own reserves, a promise that provided some reassurance to the platform’s user base.

Blockchain analytics firms including PeckShield, Cyvers Alerts, and others actively tracked the movement of stolen funds across chains, coordinating with the exchange and law enforcement to identify the attackers. The rapid swapping of stolen tokens for major cryptocurrencies suggested a sophisticated laundering operation.

Lessons Learned

The BingX incident highlights several critical security concerns for centralized exchanges. First, hot wallet exposure remains one of the most significant risk vectors in the industry. Even with layered management systems, the portion of funds kept online for operational liquidity creates an attractive target for sophisticated attackers.

Second, multi-chain infrastructure increases the attack surface. As exchanges expand their supported networks, each additional blockchain integration introduces new potential entry points. Security auditing must keep pace with this expansion, ensuring that hot wallet systems across all supported chains meet equally rigorous standards.

Third, transparency during security incidents remains a industry-wide challenge. The initial BingX notice described “temporary maintenance” of wallet systems, which drew criticism from the crypto community. Security researchers argued that downplaying the incident while on-chain evidence clearly showed a major breach erodes user trust.

User Action Required

For BingX users, the immediate priority is to monitor account activity and await official communications regarding the resumption of withdrawal services. Users holding significant balances on any centralized exchange should consider transferring the majority of their holdings to personal hardware wallets, keeping only trading capital on the platform.

The broader crypto community should view this incident as a reminder that centralized exchanges remain high-value targets. The $52 million stolen from BingX represents just one of several major CeFi hacks in September 2024, contributing to over $636 million stolen from centralized finance platforms throughout the year. As Bitcoin trades near $63,192 and Ethereum at $2,561, the value locked in exchange hot wallets continues to grow, making robust security measures more critical than ever.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before making any financial decisions.