Over $50M possibly stolen in BingX hack, North Korea’s Lazarus group involved?
invezz.com 20 September 2024 09:37, UTC
Singapore-based crypto exchange BingX became the latest victim of an exploit that saw over $50 million worth of funds drained from its hot wallets.
According to a report from Cyvers, several suspicious transfers were detected from BingX’s hot wallets on September 20 at around 4 AM Singapore time. The hacker drained several cryptocurrencies including USDT, WUSD, USDC, BTCB and ZRO among.
The breach has compelled BingX’s technical team to activate its emergency plan, which included halting withdrawals and securing its assets.
Meanwhile, BingX chief product officer Vivien Lin has assured that most of the exchange’s customers’ assets were held in cold wallets, which were not affected by the hack.
Lin, confirmed that the breach occurred on Sep. 20 and involved a “minor asset loss,” adding that the exchange has transferred remaining assets to secure locations and is conducting a thorough inspection of its systems.
Further, withdrawals are expected to resume within 24 hours, and the exchange has promised to compensate users for any losses using its own capital.
Analysts have traced the stolen funds to two wallet addresses, and part of the funds have already been swapped to ETH and transferred through decentralised exchanges like Uniswap and Kyberswap in an attempt to obscure their origin.
Swapping to ETH is a common technique employed by attackers as the Ether cannot be blacklisted, compared to other ERC-20 tokens.
Blockchain forensic firm PeckShield initially estimated the loss at $26.68 million before revising it upwards to $43 million, with Cyvers reporting that losses could have exceeded $52 million.
The total extent of losses is yet to be announced by BingX, which is set to host an AMA session with Lin for community members on X spaces later today. Despite the attack, BingX clarified that its trading services were fully operational.
The exchange emphasized that the breach has not compromised its overall security, citing its layered asset management system, which includes both hot and cold wallets for handling customer funds
EtherScan data shows that the hacker’s address received millions of dollars in various cryptocurrencies, and the wallet held over $5.5 million worth of assets at the time of the report.
North Korea’s Lazarus group targeting centralised exchanges?
Unfortunately, BingX is just one of the centralised crypto exchanges that have been targeted in the past months and followed a pattern often seen in attacks orchestrated by North Korea’s Lazarus Group, which is notorious for its crypto heists.
On September 11, Indodax, a crypto exchange based in Indonesia, saw its hot wallet breached for $22 million worth of various cryptocurrencies including Bitcoin, Ether, Polygon, and Tron alongside other tokens.
Cyvers Head of AI Yosi Hammer indicated that the Lazarus group may have had a role in the exploit.
Similarly, in June, the Indian crypto exchange WazirX lost over $230 million from its hot wallet which held 45% of the platform’s customer funds.
While the losses in the case of Indodax were limited, WazirX was crippled as the platform wasn’t able to maintain a 1:1 collateral. At the time, on-chain sleuth ZachXBT suggested the Lazarus group’s involvement in the attack.
Beyond centralised platforms, the $4 million attack on defi protocol Alex Labs in June was also speculated to be executed by Lazarus.
As previously reported by Invezz, the North Korean state-backed hacking group has been involved in more than 25 hacks across various blockchains from August 2020 to October 2023.
The post Over $50M possibly stolen in BingX hack, North Korea’s Lazarus group involved? appeared first on Invezz