On September 20, 2024, the Singapore-headquartered exchange BingX detected an unauthorised drain on one of its hot wallets. By the end of the incident roughly $52 million had moved across five blockchains — Ethereum, BNB Chain, Avalanche, Optimism and Polygon.
What happened
BingX disclosed the breach within hours and characterised it as a hot-wallet compromise. The on-chain pattern was a coordinated sweep: simultaneous unauthorised withdrawals across multiple chains, immediate bridging into anonymising mixers, and consolidation across a handful of attacker-controlled addresses.
The TTPs — simultaneous multi-chain hot-wallet drain, time-boxed laundering — match the broader pattern of North Korean operator activity documented at Phemex, DMM Bitcoin and others. BingX did not publicly attribute.
Aftermath
- BingX paused withdrawals immediately and announced full compensation for affected users from internal reserves.
- Withdrawal services were restored within days after rotating hot-wallet keys.
- Stolen funds were not recovered.
Why it matters
BingX joined a multi-year pattern of mid-tier exchanges drained for $50–80M in coordinated multi-chain operations. The lesson, repeated by Phemex four months later: hot-wallet key segregation per chain — and per-chain withdrawal velocity limits with automated suspension — are no longer optional hardening, they are baseline custody.
Sources & on-chain evidence
- [01]medium.comhttps://medium.com/coinmonks/top-5-crypto-hacks-of-2024-more-than-2-billion-lost-36crypto-559a481eff9c
- [02]cryptotimes.iohttps://www.cryptotimes.io/2024/12/30/in-2024-crypto-lost-2-2-billion-to-hackers-top-5-hacks/