Singapore-based cryptocurrency exchange BingX recently became the target of a significant security breach. It resulted in the theft of over $43 million from its hot wallet. The attack, which occurred on September 20, 2024, compromised over 360 types of altcoins, including major tokens like Ethereum (ETH), Binance Coin (BNB), and USDT. Although the exchange responded swiftly by suspending withdrawals and launching an investigation with blockchain security firms, the incident has reignited concerns about the security of hot wallets used by centralized exchanges.

BingX Hack Response and Compensation Promise

In the immediate aftermath, BingX pledged to fully compensate all affected users using its reserves, ensuring the losses would not impact customer holdings. According to Vivien Lin, Chief Product Officer at BingX, the exchange views the incident as “manageable” and has committed to restoring user funds. As part of their recovery strategy, BingX resumed withdrawal services for major tokens like Bitcoin, Ethereum, and USDT just days after the attack. Other tokens are expected to follow in the coming weeks.

Despite this positive response, the attack on BingX is yet another reminder of the inherent vulnerabilities of hot wallets. These digital storage tools are always connected to the internet and are thus more susceptible to hacks.

The Hot Wallet vs. Cold Wallet Debate

Hot wallets are essential for enabling fast and frequent transactions on exchanges. However, they are particularly vulnerable to cyberattacks due to their constant internet connection. In contrast, cold wallets offer a far more secure alternative. They store your digital assets offline and are, therefore, less accessible to hackers. BingX’s reliance on hot wallets for liquidity purposes mirrors the operational models of many centralized exchanges. That practice makes them attractive targets for increasingly sophisticated attackers.

Several industry experts have suggested that exchanges should move more funds into cold storage to mitigate these risks. Cold wallets are less convenient for day-to-day operations but can protect the bulk of user funds in the event of an attack.

The BingX hack has reignited a debate within the cryptocurrency industry about the balance between operational convenience and security. Advocates for greater reliance on cold wallets point to other recent exchange hacks — such as the breaches at Indodax and WazirX — as examples of the need for stronger security measures in an industry that has already suffered billions of dollars in losses due to cyberattacks.

Operational Resilience and Industry Trends

While the risks associated with hot wallets are well understood, many exchanges still prioritize speed and liquidity. That requires a portion of funds to remain accessible for rapid transactions. The need to maintain liquidity, especially in volatile markets, forces many exchanges to keep hot wallets active for user withdrawals and trading activities. However, as hackers become more sophisticated, the reliance on hot wallets has become a growing risk.

BingX has taken steps to reassure its users by freezing $10 million of stolen funds. It is working closely with security firms such as SlowMist and Chainalysis to trace and recover the remaining assets. This rapid response, combined with the exchange’s commitment to compensating affected users, has so far helped mitigate the potential reputational damage.

However, the broader question remains: should exchanges shift more of their funds to cold storage to prevent future attacks, even if it means sacrificing some liquidity? This debate is now at the forefront of the industry, especially as centralized exchanges continue to be frequent targets of high-profile hacks.

The BingX hack, while handled effectively in terms of user compensation, is a stark reminder that exchanges must continually evolve their security strategies to stay ahead of increasingly sophisticated attacks. The incident has fueled calls for exchanges to reassess their reliance on hot wallets, prompting a reevaluation of security protocols across the industry.

As the cryptocurrency market matures, the balance between operational efficiency and security will likely continue to drive innovation in asset management strategies. Cold wallets should become the cornerstone of a more secure future for user funds.

Readers’ frequently asked questions

What exactly happened during the BingX hack?

On September 20, 2024, BingX’s hot wallet was breached in a significant cyberattack. The hack occurred around 4 a.m. Singapore time, with hackers exploiting the exchange’s hot wallet, which is always connected to the internet for fast transactions. Initially, the estimated loss was around $26 million, but further investigation revealed that the total amount stolen exceeded $43 million. Some reports suggested it could be as high as $52 million.

The hackers drained over 360 types of cryptocurrencies, including major tokens like Ethereum (ETH), Binance Coin (BNB), and Matic. Most of the stolen funds were quickly moved to decentralized exchanges, where they were swapped for ETH and BNB. According to PeckShield, 4,526 ETH and 7,864 BNB were among the assets liquidated.

BingX promptly suspended all withdrawals and initiated a detailed investigation with the help of blockchain security firms such as SlowMist and Chainalysis. They managed to freeze around $10 million of the stolen funds. The rest had already been traded on decentralized platforms like Uniswap and Kyberswap.

Despite the attack, BingX reassured users that most of their funds were safe in cold storage. Further, the exchange committed to compensating users for the losses through its reserves. BingX resumed partial withdrawals soon after the hack, focusing on major tokens like Bitcoin, Ethereum, and USDT.

Why are cold wallets considered safer than hot wallets?

Cold wallets are offline storage devices, making them much harder for hackers to access than hot wallets, which are always connected to the internet. While hot wallets are convenient for frequent transactions, they are more vulnerable to cyberattacks. Cold wallets provide a safer option for long-term storage and are less likely to be targeted in a hack.

How can users protect their cryptocurrency from hacks?

Users should store their assets in cold wallets to reduce the risk of losing funds in a hack, especially for long-term holdings. Using strong passwords, enabling two-factor authentication, and avoiding large balances on exchange-provided hot wallets are also essential practices. These practices can help users avoid being affected when centralized exchanges like BingX are compromised.

What Is In It For You? Action Items You Might Want to Consider

Consider moving long-term holdings to cold storage

Given the vulnerabilities highlighted by the BingX hack, limit exposure by using cold wallets for large or long-term holdings. Cold storage provides a safer, offline option that’s much harder for hackers to breach. This is particularly important for traders who don’t need frequent access to their funds. It significantly reduces the risk of loss in future exchange attacks.

Be cautious with the amount of funds kept in exchange hot wallets

While exchanges offer convenience for fast transactions, hot wallets are vulnerable to cyberattacks, as demonstrated by the BingX breach. Consider keeping only the amount you need for active trading in hot wallets. Immediately withdraw any profits or unused funds to a personal wallet for better protection.

Implement additional security measures on exchange accounts

If you regularly use centralized exchanges, strengthen your account security by enabling two-factor authentication (2FA), using strong passwords, and keeping your account details private. These simple actions can add an extra layer of protection to your funds in the event of another exchange hack.
