BingX, a Singapore-based cryptocurrency exchange suffered a major security breach, losing $44 million on September 20th 2024 due to a vulnerability in their hot wallets.
The breach occurred when hackers gained unauthorised access to BingX's hot wallets, exploiting a vulnerability that allowed them to drain assets across multiple chains. These assets were primarily in Ethereum, BNB, and stablecoins like USDT. The hackers employed typical laundering tactics, converting stolen funds into native tokens such as ETH and BNB, making them harder to track. While BingX initially described the losses as “minor,” further investigation confirmed the loss exceeded $44 million.
This hack underscores the inherent risks of relying on hot wallets for storing large amounts of digital assets. To mitigate such vulnerabilities, exchanges should adopt more robust security measures, such as multi-signature authentication for large withdrawals and enhanced real-time monitoring of wallet activities.