The fast-evolving world of cryptocurrencies continues to be plagued by security concerns, as demonstrated by the recent theft of $44 million from a Singapore-based cryptocurrency platform, BingX. BingX confirmed that on September 20th, 2024, it detected abnormal network access, potentially indicating an attack on BingX’s hot wallet. The crypto platform discovered the illicit movements of funds on Thursday night, shortly before BingX announced a shutdown for “wallet maintenance” on social media and on its official website [1].
Source from X [2].
The Incident
According to reports, the hackers managed to penetrate the platform and siphon off significant amounts of funds, impacting users globally. BingX serves a substantial number of clients, and the breach has caused concerns over the safety of digital currencies stored on centralized exchanges. Although efforts are underway to track and recover the stolen assets, the perpetrators remain unidentified, raising questions about the vulnerability of digital financial ecosystems.
Millions began to flow out of the platform, and this activity came to the attention of blockchain security firms on Thursday night, even before BingX posted a message on social media about a shutdown related to “wallet maintenance” [3]. The company later released a longer statement saying the disruption was triggered after the company “detected abnormal network access, potentially indicating a hacker attack on BingX’s hot wallet” [4].
According to BingX, “We immediately implemented emergency measures, including urgent transfer of assets and a temporary suspension of withdrawals. There has been minor asset loss, but the amount is small and is currently being calculated.” [4]
Observers pointed out, however, that the outflows cannot be classified as “minor losses” under any circumstances. As stated by Bitrace, a blockchain intelligence company, over $43.5 million worth of cryptocurrency has been transferred without authorization from three addresses that belong to BingX [5].
Source from X [6].
The firm subsequently published an enhanced audit with assistance from the blockchain security company SlowMist, which said that so far they have tracked about $44.7 million in losses [6].
Match Systems, another blockchain security firm, claimed that due to the breach, assets worth more than $48 million were stolen from 9 crypto wallets. BingX later admitted they are still calculating how much was taken [7].
Source from X [7].
Vivien Lin, Chief Product Officer at BingX, also stated that they are still assessing the extent of the losses, while reassuring users that the operations of the platform were not impacted by the cyber attack and that the financial impact was borne by their capital reserves.
“We hope all platforms to unite in fighting hackers by sharing and publicizing confirmed hacker addresses. By doing so, we can deter and punish malicious behavior in advance,” Lin shared in a post on X [8].
In an effort to recover the stolen funds, BingX extended a generous bounty offer to the hacker, according to Bitrace. The company sent a message offering a 10% reward for the return of the assets. BingX added that if the hacker complied, they would stop all tracking, data collection, and analysis efforts. However, failure to cooperate would result in continued investigations with the FBI, local law enforcement, and the broader community to enforce actions and recover the full amount [9].
Since then, BingX has been following up on the hackers’ wallet addresses and the movement of funds on them. Following the attack, withdrawals were restored on September 21, with deposits resuming a day later. The company emphasized that a large proportion of its assets are still held in cold storage, with only a minimal amount kept in hot wallets to facilitate withdrawal demands.
A Broader Pattern of Crypto Thefts
This incident is not isolated; it is part of a disturbing pattern in the cryptocurrency industry, where hacks and cyberattacks on exchanges and wallets have resulted in billions of dollars of losses. Although blockchain technology and security protocols have improved, adversaries can still develop new exploits that target either technology flaws or human shortcomings.
Implications for Information Security and Privacy
This incident emphasizes the need for additional cybersecurity safeguards in the cryptocurrency domain. Unlike traditional banks, cryptocurrency platforms do not enjoy regulatory safeguards or insured deposits, so users are vulnerable at the time of an attack.
Key security concerns include:
- Phishing and Social Engineering: Many professional hackers rely on social engineering to fool employees and users into providing access, through legitimate channels, to sensitive systems that are otherwise restricted.
- The Challenge of Recovery: Once digital assets are lost, they are almost impossible to salvage due to the decentralization and anonymity of the blockchain network. Tracking stolen funds through mixers and crypto tumblers adds another layer of complexity for law enforcement.
Looking Ahead
Exchanges and wallet providers are obliged to put in place security measures that are more effective than the current ones, including:
- Multi-Factor Authentication (MFA): Although it may be inconvenient, all platforms must implement MFA requirements to help limit the possibility of unauthorized access.
- Cold Wallet Storage: Keeping the majority of clients’ funds in offline wallets can mitigate the damage caused by online breaches.
- Regular Audits: Frequent audits let security providers check that vulnerabilities are rectified before any exploit happens.
- Users Should Adapt to Advanced Standards: Users must be trained to recognize the threats of phishing and the importance of private keys.
The audacious theft of $44 million in cryptocurrency from a platform based in Singapore is evidence that, even in this age of digital optimism, security vulnerabilities are still rampant in cryptocurrency. According to research by TRM Labs, the amount of cryptocurrency compromised in hacks in the first half of 2024 was nearly twice that reported in the same half of the previous year, due to large-scale hacks and the increasing price of crypto [10]. By 24th June 2024, more than $1.38 billion in crypto assets had been compromised, compared to $657 million stolen the year before. In addition, the size of the average theft went up by one and a half times compared to 2023.
Now that cryptocurrency is on the way to being accepted by the mass population, it is essential that both users and platforms make sure that digital assets are adequately protected. There is also a need for better policies that give people the confidence to enter this financially lucrative space.
This event highlights the importance of cybersecurity in protecting not only financial assets but also the privacy of individuals involved in digital currency transactions. As cyber threats evolve, so too must the defenses that protect against them.
References
[1] https://support.bingx.com/hc/en-001/articles/37913349630361-Notice-on-the-Temporary-Wallet-Maintenance-2024-09-20
[2] https://x.com/BingXOfficial/status/1836938477570773470?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1836938477570773470%7Ctwgr%5Ec85d3188751440bbe5bf8ed516b6e3c4bdbc8788%7Ctwcon%5Es1_c10&ref_url=https%3A%2F%2Fsecurityaffairs.com%2F168703%2Fcyber-crime%2Fhackers-stole-44m-from-bingx.html
[3] https://x.com/peckshield/status/1836927530449916132
[4] https://support.bingx.com/hc/en-001/articles/37918505986585-Notice-on-the-Wallet-Maintenance
[5] https://x.com/Bitrace_team/status/1845850654201520196
[6] https://docs.google.com/spreadsheets/d/16PW8HZiK4xpTaCmk_tj2-xHFdAkE1qNu2M9MqsdAhjM/edit?gid=0#gid=0
[7] https://x.com/MatchSystems/status/1837006124869906663?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1837006124869906663%7Ctwgr%5E983a07c77f62397167e4c8a8e8deab4c39f12de8%7Ctwcon%5Es1_c10&ref_url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fbingx-offers-bounty-after-44m-hack%2F
[8] https://x.com/Vivien_BingX/status/1837064960192696400?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1837064960192696400%7Ctwgr%5E356948774f1ef77759e82a5a14af0d69e653495c%7Ctwcon%5Es1_c10&ref_url=https%3A%2F%2Fsecurityaffairs.com%2F168703%2Fcyber-crime%2Fhackers-stole-44m-from-bingx.html
[9] https://x.com/Bitrace_team/status/1838049493000073256
[10] https://www.trmlabs.com/post/thefts-from-hacks-and-exploits-surge-in-first-half-of-2024
Interesting post Michael!
Hackers are so determined and would exploit any and every thing to achieve their goal!
$44 million in cryptocurrency is no minor loss and this would be disturbing to their customers. I hope BingX is able to recover from this hit and better secure their platforms from sensitizing their employees to tightening their security across all platforms. The world is watching and learning. Cybersecurity is no joke.
Thank you, Ukamaka! You’re right. This kind of financial loss is hard for both the company and its customers to absorb. The recovery process will require BingX to reevaluate and reinforce its security protocols at every level. Cybersecurity demands constant vigilance and adaptability, especially in industries like crypto. Let’s hope this incident prompts not only BingX but the entire industry to invest more heavily in robust cybersecurity defenses.
Nice post!!! The security system of a wallet is weak generally, and the effect of it being attacked is always on the high side. Wallets are easily attacked, and sometimes it is mainly the fault of the end user exposing their credentials, and I usually advise people not to keep large amounts of money in their wallet because it can be exploited by anyone. In the case in this post, the hackers exploited the wallet weakness.
Thanks, George. You bring up an excellent point about the vulnerability of crypto wallets and how end user behavior sometimes plays a role in security breaches. Educating end users on best practices, like using strong passwords and limiting the amount they keep in their wallets is essential. As you mentioned, weaknesses in wallet security can lead to significant losses, and hackers are always ready to exploit any gap.
The $44 million theft from BingX is a wake-up call for the entire cryptocurrency industry. It highlights how even established platforms can fall victim to sophisticated attacks. As we push for wider adoption of crypto, we must also advocate for stronger security protocols and user education. This incident shouldn’t just be seen as a loss, but as an opportunity to reassess and reinforce our defenses.
I appreciate your thoughts on my post, Kamaldeep! This breach really is a wake-up call as it highlights the urgent need for stronger, industry-wide security protocols. As the adoption of cryptocurrencies grows, it is essential for platforms to prioritize end user education and reinforce their defenses. If these lessons are acted upon, we may see a more secure crypto landscape.
Great post, Michael. Seeing the totals of all the cryptocurrency that gets stolen every year is a crazy number. It going up year to year is also scary and concerning. Like you mentioned in the post, crypto, with it being decentralized, doesn’t have the safeguards regular banks have by being regulated and insured. Though by the nature of how cryptocurrency works, once the hack is done it’s hard to recover the funds. By design it’s supposed to be anonymous and final when transactions are put through, making them unchangeable. Which, when a theft occurs, means that the theft is final and can’t be simply reversed. I personally don’t believe that much in cryptocurrencies; they don’t provide much value to everyday people, and regular currencies are still available online and can be used digitally. Most people don’t need or want their money and currency to be decentralized and anonymous on the blockchain.
Thank you, Hayden! The decentralized nature of crypto is both its strength and, as we see here, a potential weakness when it comes to recovering stolen assets. The finality of blockchain transactions, while designed for transparency, does make it nearly impossible to reverse thefts. Understandably, some people feel that traditional currencies and banking systems still offer a level of security and trust that crypto currently struggles to match. It will be interesting to see if, in time, crypto can bridge these gaps.
Informative post, Michael! Cryptocurrency has become so influential that even a minor threat to it can pose a significant risk to the global economy. It even impacts world politics and socioeconomic situations nowadays. The technology, Blockchain, has its own risks, such as improper implementation or the potential threat of quantum computing. Proper wallet management is crucial for users, whether it’s for cryptocurrency or traditional banking apps. Users must carefully maintain their credentials. It’s high time for all financial organizations to educate their customer base about cybersecurity. Simultaneously, these companies should establish dedicated teams to manage cybersecurity measures. This post should inspire us to manage our digital transactions, including financial and personal information, more securely.
Thanks, Fahim. You’re right. Cryptocurrency’s influence is now so widespread that incidents like this can have global ramifications. The rise of quantum computing, as you pointed out, could indeed pose a future threat, and organizations must stay vigilant. User education and proactive cybersecurity measures are critical. Let’s hope the industry can continue to evolve alongside these technological advancements to protect both users and the economy.
Great post, Michael!
This article clearly highlights the serious security problem at BingX. While BingX’s “minor” loss claim contrasts with reports of $44 million stolen, transparency is essential to maintain user trust. The significant rise in cryptocurrency risks in 2024 shows that we need better security measures right away. This includes using multi-factor authentication, cold wallet storage and regular audits. BingX is encouraging collaboration within the industry to combat hackers, which is a positive initiative. However, it is also very important to teach users about phishing and how to stay safe online. This event shows that as cryptocurrencies become more popular, strong security measures are necessary to keep users and their money safe.
Good job, Michael! Well, this incident highlights the growing imperative for the cryptocurrency industry to set and follow foolproof security protocols. Unfortunately, unlike traditional financial enterprises, most cryptocurrency platforms lack the necessary regulatory frameworks for their operations, which makes them susceptible to hackers’ attacks. Security measures like multi-factor authentication (MFA) and cold storage solutions to keep cryptocurrency wallets offline are highly needed for those platforms. At the same time, cooperation between industry leaders can enhance threat information exchange in combating these cyber threats.
Thanks for the post Michael! I was wondering if they have found how the hackers coordinated the attack. I was surprised that they noticed the abnormal network and the response is to unplug the computer to stop the attack. Although it is a good measure to stop it, I think that there should be other measures to respond and to keep operations going. It is impressive how much money can be moved in a short period of time. As you mentioned, I also think that crypto providers should take more verifications to authenticate the movement of big amounts of money.
Very interesting post, Michael! I was surprised by how this attack occurred in Singapore out of all the countries in the world, given the emphasis placed on safety in Singapore. Currently, Singapore is one of the safest countries to live and open a bank in. It is frightening to see that hackers were able to penetrate this Singapore-based platform and steal $44 million. This is not a simple matter. What increases my worries about other digital currencies is that the penetrators still remain hidden, highlighting the importance of educating cyber professionals to better protect and identify cyber criminals. As you mention, regular audits, advanced standards, and cold-wallet storage can mitigate such damage caused by online breaches.
Great post, Michael. The BingX incident highlights the pressing need for enhanced security practices in the cryptocurrency space. This breach also serves as a reminder that, despite advancements in blockchain technology, malicious actors continue to find new ways to exploit vulnerabilities. The industry’s future depends on its ability to adapt and reinforce safeguards in the face of ever-evolving cyber threats.
Very well articulated, Michael!
Your thought processes around BingX blockchain attack and how BingX tried to use intelligent blockchain tracing service providers spotted new cyber SaaS services. It is astonishing to realize that $1.8b in cryptocurrency was lost in 2024 which doubled compared to 2023. It is imperative to emphasize the Know-Your-Customer (KYC) as an essential security measure in cryptocurrency (Damsker, A., 2024) [1]. Many crypto-exchange platforms allow full privacy for users; however, when crypto exchanges happen, the only traceability left is the transaction blockchain addresses. This lack of traceability puts the exchange platforms in a tough position trying to recover lost money with less control and hoping the attacker would take the wrong move and liquidate the crypto funds into monetary form (e.g., USD bank account). Thus, KYC is a crucial and essential step to the exchange platform before the customers.
[1] Damsker, A. (2024). Understanding DeFi : the roles, tools, risks, and rewards of decentralized finance (First edition.). O’Reilly Media, Inc.
Hi Michael, I found your discussion post exceptionally engaging and truly enjoyed reading it all the way through. I was especially surprised when I found out the amount of money that was stolen from BingX. $44 million really shows us how vital cryptocurrency has become. The attack, which targeted BingX’s hot wallet, forced us to change the holding strategy for these asset management companies. By utilizing an offline approach to holding essential items, cold wallet storage helps reduce susceptible breaches prone to hot wallets. Lastly, the retrieval process of stolen digital assets is challenging due to the widespread anonymous nature of blockchain, and this forces us to utilize a more robust defense mechanism that will prevent large-scale issues. The growing industry of cryptocurrency must foster more robust security protocols to build user confidence and trust.