BingX suffered a total loss of approximately $45 million worth of virtual currency due to a hacker attack.

Beosin Trace:

The attacker stole BingX's funds?through three funding lines:

The first funding line mainly stole stablecoins and large-cap value coins. After stealing virtual coins, they were exchanged for chain-based coins and?collected at the address 0x1Dd7dAf089C16856155FeFd7e2170966bb6b3AEE for fund sedimentation. The value of the stolen virtual currency is about $17.4 million.

Example of OP chain hacker stolen coins (only some of the stolen tokens are shown)

The second funding line is to steal a small amount of small-cap value coins. After stealing virtual coins, they were exchanged for chain-based coins and all were collected at the address 0xb0146aec3593410c8307b570af69adf4d74678b3 for fund sedimentation. The value of the stolen virtual currency is about $950,000.

Example of BNB chain hacker stolen coins (only some of the stolen tokens are shown)

The third funding line mainly steals BingX's small-cap coins. After stealing virtual coins, some tokens are converted into chain-based coins and transferred to the collection address 0xF26E64EF4300Ca027D2FFeDD7d765d7A3906091C, while some tokens are not converted and deposited in the original address. The stolen virtual coins are worth about $26.08 million.

At present, there have been no new movement regarding the stolen funds,users are reminded to pay attention to fund security. Beosin KYT has added the new attack addresses mentioned above to the black address tag library and will continue to monitor and alert them.

Example of eth chain hacker stealing funds (only some of the stolen tokens are shown)

According to Beosin Trace tracking analysis, the results?are as follows:

The value of stolen tokens on the ETH chain is approximately $14.69 million. The attacker transferred some tokens to a new address, while the remaining funds were temporarily deposited in the original address between (UTC) 2024/09/20 00:59:35~(UTC) 2024/09/20 01:10:59

Hacker ETH Chain Address:

0xF7e8033366166f92eb477B7B38e0D47d47b43326

0xF26E64EF4300Ca027D2FFeDD7d765d7A3906091C

On the BNB chain, the stolen coins were replaced with a value of approximately $7.53 million. The attacker created?two new addresses on the chain and transferred?a portion of the stolen tokens?between (UTC) 2024/09/19 22:08:39~(UTC) 2024/09/20 01:15:07.

Hacker BNB Chain Address:

0xF7e8033366166f92eb477B7B38e0D47d47b43326

0xF26E64EF4300Ca027D2FFeDD7d765d7A3906091C

0x63DC352ddFc17Aa04EdAc47ce36e186C1e54b02C

On the ARB chain (worth approximately $2.033 million) ,the attacker created two new addresses on the chain at (UTC) 2024/09/20 00:59:01, and transferred a portion of the stolen tokens, which were?exchanged for 783 ETH, to the new address. The stolen GRAIL and ZZZ were also transferred to another new address, while the remaining funds were temporarily deposited at the original address.

Hacker Arb Chain Address:

0xF7e8033366166f92eb477B7B38e0D47d47b43326

0xF26E64EF4300Ca027D2FFeDD7d765d7A3906091C

0xcfc14fa81226074036622976d95897ff84b58d66

The value of replaced coins in ploygon chain theft is approximately $734000. From (UTC) 2024/09/19 23:31:41～(UTC) 2024/09/20 00:32:36, the attacker exchanged a portion of the stolen tokens for pol and mee tokens and transferred them to a new address.

Hacker ploygon chain address:

0xF7e8033366166f92eb477B7B38e0D47d47b43326

0xF26E64EF4300Ca027D2FFeDD7d765d7A3906091C

0xcfc14fa81226074036622976d95897ff84b58d66

On the AVAX-C chain(worth approximately $281000)?and FTM?chain(worth approximately $50000),the attacker transferred all the stolen coins to a new address between (UTC) 2024/09/20 00:06:22~(UTC) 2024/09/20 01:40:20.

Hacker Address:

0xF7e8033366166f92eb477B7B38e0D47d47b43326

0xF26E64EF4300Ca027D2FFeDD7d765d7A3906091C

On the OP chain, the stolen coins were replaced with a value of approximately $1.05 million. Between (UTC) 2024/09/19 22:11:11~(UTC) 2024/09/20, the attacker converted a portion of the stolen USDT into ETH and transferred it to a new address, while the remaining funds were temporarily deposited at the original address.