BingX Hack

TOTAL LOST $52.0M
High · #123 All-Time · Hot wallet hack / Other · ethereum


Affected Chain: ethereum (incident surface)
Recovered: - (no recovery reported)
All-Time Rank: #123 (by amount stolen)
Protocol Type: CEX (target category)

Incident Overview

In September 2024, Singapore-based centralized exchange (CEX) BingX suffered a hack that resulted in the loss of approximately $52 million in cryptocurrency from its compromised hot wallets.

The attack followed a 2024 trend of CEX hot wallet hacks: attackers gained access to BingX’s wallets across multiple blockchain networks. The hacker used at least ten different addresses to collect a range of cryptocurrencies, which were then quickly swapped to Ethereum. Initial estimates put the loss at around $26 million, but further investigation revealed the damage to be much greater, with the total loss rising to $52 million.

Although the exact method of the attack remains unclear, many security experts, including PeckShield and Cyvers Alerts, have linked the hack to the notorious Lazarus Group, known for its expertise in social engineering and cryptocurrency exploits.

Incident Report

Protocol / Project: BingX
Date of Incident:
Affected Chain(s): ethereum
Attack Technique: Hot wallet hack / Other
Classification: Infrastructure / CeFi
Primary Source: View Post-Mortem

Protocol Information

Protocol Type: CEX
Official Website: bingx.com/
Protocol Twitter/X: @BingXOfficial
Team: Anonymous
Source Code: Unverified

Market Context at Time of Hack

Token Categories
Base Ecosystem

What the Attacker Needed to Succeed

Understanding the prerequisites for this type of attack helps auditors identify protocols that are most at risk and helps developers build better defenses.

Technical Knowledge: Deep understanding of hot wallet hack / other techniques, Solidity and EVM internals
Capital Required: Seed capital to cover gas and initial position setup
On-Chain Access: Ability to interact with ethereum smart contracts and deploy a custom exploit contract
Protocol Analysis: Identification of the exploitable vulnerability in BingX's contract logic - root cause: Infrastructure / CeFi
Execution Speed: Precise transaction ordering and timing to exploit the vulnerability within a single atomic block
Obfuscation Plan: A strategy to launder and move stolen funds - typically through mixers, cross-chain bridges, or DEX swaps to resist tracing

What Auditors Should Check

Could this have been caught in audit? Likely - with a thorough Hot wallet hack / Other audit checklist and test coverage

If you're auditing a protocol with similar architecture to BingX, these are the critical security checks that could have prevented this incident (September 2024).

  • Verify all logic paths related to Hot wallet hack / Other are guarded by proper access controls and input validation - see the Access Control Attacks attack class for patterns
  • Review privileged functions (owner, admin, governance) for potential abuse vectors - centralization risks should be documented and bounded with timelocks or multi-sigs


Related Attack Classes

The technique used in this hack maps to these vulnerability classes in our security curriculum:

See all Access Control Attacks examples →
