BingX hack
On September 20, 2024 the Singapore-based exchange BingX lost an estimated $52M when attackers compromised hot wallets across seven+ chains. Security firms said the laundering pattern matched North Korea's Lazarus Group. BingX froze withdrawals (calling it 'wallet maintenance') and recovered part of the funds.
Also known as: BingX, BingX hack
Summary
On September 20, 2024, BingX detected unauthorized withdrawals from its hot wallets spanning Ethereum, BNB Chain, Base, Optimism, Polygon, Arbitrum, and Avalanche, with losses estimated around $52 million. The exchange initially described the outage as temporary "wallet maintenance" before confirming a security breach. [1][2]
Attribution and response
Blockchain security firms observed the attacker rapidly swapping stolen altcoins into ETH and BNB across many addresses — tactics consistent with the North Korea-linked Lazarus Group, to which several 2024 exchange hacks were attributed (attribution by the cited firms, not a court finding). BingX froze withdrawals about an hour in and worked with partners to freeze roughly $10M of the stolen assets. [1][3]
Bracketed numbers refer to the numbered sources listed below.
Sources (3)
See also
- Gala Games exploitTokensOn May 20, 2024 an attacker abused a privileged minter account on the GALA token contract to mint 5 billion GALA (≈$200M+ nominal) and dumped ~600M of them for ~$22M of ETH before Gala froze the address. Gala Games called it an internal access-control failure; the attacker later returned the ~$22M.
- HEX / PulseChain (Richard Heart)ProjectsCrypto projects (HEX, PulseChain, PulseX) created by Richard Heart (Richard Schueler). In July 2023 the U.S. SEC sued him for offering unregistered securities that raised $1B+ and for allegedly misappropriating ~$12M for luxury goods (including a 555-carat diamond). A court dismissed the case in 2024 for lack of U.S. jurisdiction; there was no finding of wrongdoing and Heart denies the allegations.
This page was last updated on Jun 15, 2026. View revision history.