Following blockchain data analysts’ warnings about suspicious outflows from BingX, the cryptocurrency exchange confirmed the breach and offered 10% to hackers. More than $48 million was allegedly stolen.
BingX confirmed that on September 20th, it detected “abnormal network access, potentially indicating a hacker attack on BingX’s hot wallet.”
“We immediately implemented emergency measures, including urgent transfer of assets and a temporary suspension of withdrawals. There has been minor asset loss, but the amount is small and is currently being calculated,” the crypto platform said.
However, observers noted that the outflows do not resemble “minor losses” in any way. According to Bitrace, a blockchain data analysis company, more than $43.5 million in crypto assets have been illegally transferred from three addresses belonging to BingX.
Another blockchain security company, Match Systems, estimated that the breach resulted in the theft of over $48 million in digital assets from 9 crypto wallets.
Vivien Lin, BingX’s Chief Product Officer, assured users that the attack did not affect operations and that the loss was within capital reserves.
“We hope all platforms to unite in fighting hackers by sharing and publicizing confirmed hacker addresses. By doing so, we can deter and punish malicious behavior in advance,” Lin posted on X.
It appears that the company is offering a generous bounty for returning the funds. According to Bitrace, the BingX team sent a message to the hacker, promising a 10% bug bounty.
“Should you cooperate fully within the next 48 hours (which expires at UTC 0, 24th Sep), we will cease our pursuit. As a token of our appreciation, we will offer you a generous bug bounty of up to 10% of the stolen assets,” the message reads.
“Once you have returned the funds, we will stop all tracking, data collection, and analysis. We will no longer hold you responsible. However, if you do not comply, we will continue our investigation with the FBI and police in your region, security agencies, and the community in order to take enforcement action and seek a full recovery.”
BingX is closely monitoring the addresses used by hackers and other transfers and interactions.
BingX resumed withdrawals on September 21st and deposits a day later.
The company also said that the majority of assets are stored in cold wallets, and “only a small amount is kept in hot wallets to meet withdrawal demands.”
Crypto heists have cost users $1.89 billion in 2023 alone. Some of the most notorious actors in this field are backed by North Korea, which has managed to steal $3 billion over six years.