By: Eliza Bennet
Crypto exchange BingX has confirmed a 'minor asset loss' after detecting suspicious outflows from one of its hot wallets early on the morning of September 20. While the exact amount of stolen assets is still being evaluated by BingX's Chief Product Officer Vivien Lin, blockchain security firm Cyvers estimates the breach caused over $52 million in losses. The affected assets spanned across several blockchain networks, including Ethereum, Binance Smart Chain, Base, Optimism, Polygon, Arbitrum, and Avalanche.
According to Cyvers' Senior Security Operations Lead Hakan Unal, the attacker's rapid asset-swapping moves suggest similarities to North Korea-backed malicious actors. 'This hacker’s behavior—using multiple wallets to swap altcoins into ETH and BNB before consolidating—is consistent with the tactics we’ve seen in past Lazarus operations,' Unal said.
In response to the breach, BingX temporarily halted withdrawals to conduct an 'emergency inspection' and bolster its wallet security. Lin reassured users via social media that withdrawals would resume within 24 hours and emphasized the exchange's layered management system, which keeps the majority of assets in cold wallets, with only a small portion in hot wallets for daily transactions.
Lin further assured users that BingX would fully compensate for any losses using the exchange's capital while stressing that user assets remained secure. This incident underscores a worrying trend of hackers targeting centralized exchanges. Reports from blockchain security firm Chainalysis indicate a resurgence in attacks on centralized exchanges this year, with North Korea-linked actors allegedly responsible for over $3 billion in digital asset thefts over the past seven years.
Previous high-profile incidents include a $305 million hack on Japan's DMM Bitcoin platform and a $235 million breach of India's WazirX exchange, both occurring earlier this year. Indonesia's Indodax exchange also suffered $20 million in losses following a recent attack, further highlighting the escalating security threats faced by centralized exchanges globally.
In another alarming incident, hackers hijacked the Indian Supreme Court's YouTube channel to broadcast ads promoting XRP, the seventh-largest cryptocurrency. This incident marks a new tactic by cybercriminals to exploit major platforms and promote cryptocurrency scams, further emphasizing the need for robust security measures across all digital platforms.