BingX Suspends Withdrawals After Suspected Hot Wallet Attack

Singapore-based crypto exchange BingX suffered a ‘minor’ asset loss after hackers targeted one of its hot wallets.

BingX assured its users that withdrawals will resume shortly and that affected funds will be compensated. Meanwhile, hackers hijacked the Supreme Court of India’s YouTube channel to promote an XRP scam, and even played a fake livestream featuring Ripple CEO Brad Garlinghouse. Germany shut down 47 crypto exchanges for facilitating criminal activities by failing to comply with anti-money laundering regulations, and two men were arrested in the US for stealing more than 4,100 Bitcoin from a Genesis creditor through a sophisticated social engineering attack.

BingX Hot Wallet Hacked

Singapore-based crypto exchange BingX confirmed that it suffered a minor asset loss after suspicious outflows from one of its hot wallets. The issue came to light after abnormal network access was detected around 4:00 am Singapore time, which led the BingX team to suspect a hacker attack on the wallet.

BingX’s Chief Product Officer, Vivien Lin, explained in a post that the exchange immediately started its emergency response by transferring assets and suspending withdrawals to prevent any further loss. While she explained the amount of the loss is still being calculated, the exchange reportedly only keeps a very small amount of crypto in its hot wallets. In the post, Lin described the asset loss as “small.”

Blockchain security firm PeckShield initially reported a suspicious outflow of $13.5 million, but later revised the estimate to $26.7 million. Analytics platform Lookonchain also reported losses of more than $26 million. 

Despite this, Lin still assured users that the loss was manageable. It was also announced that withdrawals will be restored within 24 hours, and the exchange will fully compensate for any affected funds. A spokesperson for BingX added that the exchange routinely checks and maintains its wallets as a protective measure and promised to provide more details once the losses are fully calculated.

Harrison Leggio, co-founder of crypto startup g8keep, criticized the exchange's handling of the incident, questioning whether BingX’s claim of “wallet maintenance” was merely an attempt to downplay the situation. According to Etherscan data shared by PeckShield, millions of dollars' worth of tokens were transferred across various blockchains from one of BingX’s hot wallets.

Hackers Hijack Supreme Court of India’s YouTube

BingX is not the only hack victim over the past few hours. Hackers have taken over the Supreme Court of India’s official YouTube channel to run a Ripple and XRP scam. 

On Sept. 20, the channel was rebranded to promote the fraudulent crypto scheme. The hackers played a fake livestream featuring Ripple Labs CEO Brad Garlinghouse, encouraging viewers to invest with promises of unrealistic returns.

In addition to changing the channel’s branding, the hackers also renamed the channel, changed its URL, and deleted all of the previous videos. YouTube responded by shutting down the compromised account due to a violation of its Community Guidelines. The scam livestream also included phishing links that are designed to steal funds from users who connected their crypto wallets. Once users approved the request, the hackers gained access to withdraw funds without authentication.

This incident closely resembles an XRP scam from April, when hackers took control of the popular gaming channel DidYouKnowGaming. In that case, YouTube was able to recover the account and its deleted content.

The number of breaches on YouTube is still increasing, and crypto hackers are increasingly targeting accounts. In July, the YouTube account of the band Ben&Ben was also hacked to livestream an XRP scam. The band later recovered part of their account with YouTube’s help.

Germany Shuts Down 47 Crypto Exchanges

Crypto crimes are not limited to hacks. The German government shut down 47 crypto exchanges after accusing them of facilitating an underground economy for cybercriminals. Authorities claim the exchanges allowed criminals to conceal the origins of illegally obtained funds by failing to comply with anti-money laundering regulations. Users of these platforms include ransomware operators, botnet controllers, and black market traders who used the services to convert illicit funds into legitimate currency.

A warning from Germany (Source: German government)

In a statement on Sept. 19, Germany’s federal criminal police, along with Frankfurt's prosecutor’s office and the cybercrime office, revealed that they seized the servers of the exchanges and gained access to registration data, transaction histories, and IP addresses. The seized websites now display a warning from the government, indicating that investigations are underway.

Among the platforms that were shut down was Xchange.cash, which has been operational since 2012, processing 1.3 million transactions for 410,000 users. Other exchanges, including 60cek.org, Baksman.com, and Prostocash.com, were also targeted because of their very high user activity.

Some of the exchanges targeted by the German government (Source: German government)

According to the German authorities, many cybercriminals operate from countries where they are either tolerated or protected, which makes it quite difficult to prosecute them. 

Feds Bust Duo for Bitcoin Heist

Meanwhile, two men, Malone Lam and Jeandiel Serrano, have been arrested and indicted for stealing $230 million worth of Bitcoin (BTC) from a Washington, D.C. resident who is believed to be a creditor of Genesis. The US Attorney’s Office for the District of Columbia announced the charges on Sept. 19, and revealed that the men conspired to steal and launder more than 4,100 Bitcoin by using sophisticated methods and aliases since August. The stolen funds were used to fund a very luxurious lifestyle, including international travel, luxury vehicles, and high-end purchases in Los Angeles and Miami.

Blockchain investigator ZachXBT helped in the case, and described it as a “highly sophisticated social engineering attack.” The men posed as Google and Gemini exchange support, convincing the victim to reset two-factor authentication and run screen-sharing software. This allowed them to steal the victim’s private Bitcoin keys. 

The scam targeted a single Genesis creditor on Aug. 19, with the stolen funds being split across multiple parties and quickly moved through over 15 exchanges.

Other investigations linked Serrano and a third suspect, who is known as “Wiz,” to Ethereum addresses that received more than $41 million from two exchanges. With the help of forensic investigators, Web3 security firm zeroShadow, and Binance’s security team, over $9 million has been frozen, and $500,000 has already been returned to the victim. 

The investigation is ongoing, and federal agencies including the FBI and IRS are involved in tracking the stolen funds.