Crypto exchange BingX has confirmed that it experienced a “minor asset loss” after detecting suspicious outflows from one of its hot wallets. The incident, which occurred around 4:00 A.M. Singapore time, is still under evaluation in terms of the exact amount stolen. However, blockchain security firm Cyvers estimates that the breach resulted in over $52 million in losses, with most assets already swapped. The affected chains include Ethereum, Binance Smart Chain, Base, Optimism, Polygon, Arbitrum, and Avalanche.
Hakan Unal, Senior Security Operations Lead at Cyvers, noted that the attacker’s rapid asset-swapping techniques resemble those used by North Korea-backed malicious actors. Unal stated, “This hacker’s behavior—using multiple wallets to swap altcoins into ETH and BNB before consolidating—is consistent with the tactics we’ve seen in past Lazarus operations.”
Temporary service suspension
In response to the breach, BingX temporarily suspended withdrawals to conduct an emergency inspection and enhance wallet security. Chief Product Officer Vivien Lin assured users that withdrawals would resume within 24 hours. Lin emphasized the exchange’s layered management system, which prioritizes cold wallets for asset storage and only maintains a small portion in hot wallets for withdrawals.
In a statement, Lin reassured users that BingX would “fully compensate” for any losses from its capital and reiterated that user assets remained secure.
Escalating CEXs hacks
The incident at BingX is part of a larger trend of hackers targeting centralized exchanges (CEXs). Security firm Chainalysis reported a resurgence in attacks on CEXs this year, diverting attention away from DeFi platforms. Recent examples include the $305 million hack on Japan’s DMM Bitcoin platform and the $235 million breach of India’s WazirX exchange in July. Indonesia’s Indodax exchange also experienced around $20 million in losses due to a recent attack.
Experts have linked these hacks to North Korean actors in all cases, with over $3 billion in digital assets believed to have been stolen by these hackers over the past seven years.