Is BingX Safe and Legitimate? A 2026 Security and Regulatory Review
Security and regulatory standing are fundamental criteria when evaluating any cryptocurrency exchange. BingX is a platform with a genuine track record to assess: it has operated since 2018, grown to over 20 million registered users, published independently verified proof-of-reserves reports, and maintains a substantial protection fund. It has also experienced a material security breach.
This review examines BingX from a security and regulatory perspective for 2026. It addresses the September 2024 hack directly, documents the post-incident response, and evaluates where BingX currently stands on the security measures that matter most to active traders. The goal is an accurate, factual account rather than a promotional one.
The September 2024 Hack: What Happened and What Followed
On September 20, 2024, BingX's technical team detected unusual network activity indicating a breach of the exchange's hot wallet system. Blockchain security firm PeckShield confirmed the breach, with estimates of total losses ranging from approximately $43 million to $52 million across multiple blockchain networks. The stolen assets included ETH, BNB, MATIC, and over 360 altcoins, the majority of which were quickly converted to ETH by the attacker.
BingX's initial public statement described the losses as minimal, a characterization that was criticized as the true scale emerged. However, the exchange's operational response was constructive: withdrawals were suspended within hours of detection, assets were relocated to secure cold storage, and services were fully restored within 24 to 48 hours.
Most importantly, BingX committed to and fulfilled full compensation of all affected user funds from its own capital. No user balances were permanently reduced as a result of the breach. Following the incident, BingX launched its ShieldX security initiative, introducing enhanced wallet firewalls and continuous threat monitoring.
The 2024 incident is the primary security concern any prospective BingX user should weigh. It demonstrates that the exchange's hot wallet architecture carried vulnerabilities. It also demonstrates that BingX has the financial capacity to absorb a $43 to $52 million loss and compensate users fully, which is a meaningful signal of platform solvency.
Security Infrastructure in 2026
Since the 2024 breach, BingX has maintained and improved its security infrastructure. The platform stores the majority of user assets in cold storage, offline and isolated from internet-facing systems. Multi-factor authentication is mandatory before any withdrawal can be processed, requiring Google Authenticator, email, and phone verification simultaneously.
Security Feature | BingX Status |
Regulatory Status | Singapore-based. No confirmed tier-1 derivatives license (FCA, MAS, CFTC, MiFID II). |
Proof of Reserves | Monthly Merkle tree POR audits. 100% asset collateralization published and independently verified. |
Shield Fund | $150 million dedicated protection reserve for user asset security. |
Cold Storage | Majority of user assets held in cold storage, offline. |
Multi-Factor Authentication | Yes (Google Authenticator, email, phone verification required before any withdrawal) |
Anti-Phishing Code | Available and configurable per account. |
Address Whitelisting | Yes. Withdrawal addresses can be whitelisted with added confirmation delays. |
KYC Requirement | Required for full feature access and higher withdrawal limits. Some features available without KYC. |
September 2024 Hack | Hot wallets compromised. Approximately $43-52M drained. All affected users fully compensated. |
Post-Hack Security Program | ShieldX launched: enhanced wallet firewalls and 24/7 threat monitoring. |
Proof of Reserves and the Shield Fund
BingX publishes monthly Merkle tree proof-of-reserves reports. These reports confirm 100% asset collateralization: every user's balance is independently verified against the exchange's actual holdings. The Merkle tree method allows external verification without revealing individual account data. This is one of the more rigorous proof-of-reserves approaches available in the industry.
In addition to the POR program, BingX maintains a $150 million Shield Fund dedicated to user asset protection. This reserve exists specifically to compensate users in the event of a security incident that exceeds what can be managed through normal operating capital. The combination of monthly POR reporting and a dedicated protection fund represents a stronger transparency posture than many offshore exchanges.
Regulatory Status in 2026
BingX is headquartered in Singapore. The platform does not hold a confirmed tier-one derivatives trading license from a major financial regulator such as the FCA (UK), MAS (Singapore), CFTC (US), or a MiFID II authorized authority (EU). BingX is not available in the United States or the United Kingdom for its core trading products.
For traders in jurisdictions that require tier-one regulatory coverage, BingX's regulatory status is a limitation. For traders in supported markets, the exchange's proof-of-reserves program and Shield Fund provide a degree of transparency that partially compensates for the absence of a Western derivatives license.
KYC and Account Verification
KYC requirements on BingX have been tightened progressively. As of 2026, full platform access including higher withdrawal limits, P2P trading, and certain wealth products requires KYC verification. Basic trading is accessible with limited verification, but completing identity verification provides broader feature access and removes restrictions on withdrawal volume.
TetherBack and BingX: The Connection Explained
TetherBack connects to your BingX account using only your account UID. No API key is required and no withdrawal permissions are granted at any level. The link is administrative, enabling TetherBack to attribute the fee volume generated by your account for cashback calculation and distribution purposes only.
Connecting your BingX account to TetherBack introduces no additional security exposure to your BingX holdings.
An Honest Assessment
BingX is not a risk-free exchange. The 2024 hot wallet breach was a significant security failure, and the initial response underestimated its scale publicly. These are facts traders should weigh. On the other hand, the full user compensation, monthly proof-of-reserves program, $150 million Shield Fund, and post-incident ShieldX security upgrades represent a more substantial trust-rebuilding effort than many comparable exchanges have made after similar incidents.
Traders who are uncomfortable with a platform that has experienced a hot wallet breach should evaluate alternatives. Traders who assess exchanges on current security posture and transparency, not only historical incidents, will find that BingX in 2026 is materially better equipped than it was in September 2024.
Frequently Asked Questions
Was BingX hacked?
Yes. On September 20, 2024, BingX suffered a hot wallet security breach. Blockchain security firms estimated total losses of approximately $43 to $52 million across multiple chains. BingX compensated all affected users in full from its own capital and subsequently launched the ShieldX security program with enhanced wallet firewalls and 24/7 threat monitoring.
Did BingX users lose money in the 2024 hack?
No user losses were recorded. BingX pledged and fulfilled full compensation of all affected user funds from its own reserves. Trading and withdrawal services were restored within 24 to 48 hours of the incident.
Does BingX have proof of reserves?
Yes. BingX publishes monthly Merkle tree proof-of-reserves reports confirming 100% asset collateralization. User assets are independently audited and the results are publicly accessible.
What is the BingX Shield Fund?
BingX maintains a $150 million dedicated Shield Fund to protect user assets in the event of a security incident. The fund acts as a capital buffer beyond normal operating reserves.
Does BingX require KYC?
KYC requirements on BingX have been updated over time. As of 2026, KYC is required for full feature access including higher withdrawal limits, P2P trading, and certain wealth products. Some basic trading is accessible with limited verification, but completing KYC provides the broadest access to the platform.
Is BingX available in the United States?
No. BingX explicitly restricts access for US residents and citizens, across all states and territories, due to regulatory requirements set by the SEC, CFTC, and FinCEN. The UK is also restricted for certain products.
Is TetherBack safe to connect to my BingX account?
Yes. TetherBack connects using only your BingX UID. No API key is required and no withdrawal permissions are granted. Linking your BingX account to TetherBack does not introduce any additional security exposure to your BingX funds.
Glossary
Proof of Reserves (POR): A cryptographic audit confirming that an exchange holds sufficient assets to cover all user account balances, typically verified by an independent third party.
Merkle Tree Audit: A mathematical data structure used to verify that all individual account balances are included in a proof-of-reserves report without revealing private account data.
Hot Wallet: An exchange wallet connected to the internet that enables fast transaction processing. Hot wallets are more vulnerable to external attacks than cold storage.
Cold Storage: Cryptocurrency assets held in wallets not connected to the internet, significantly reducing exposure to online security threats.
Shield Fund: BingX's $150 million dedicated reserve fund maintained to compensate users in the event of a security incident causing fund loss.
ShieldX: BingX's post-2024 security program featuring enhanced wallet firewalls and around-the-clock threat monitoring, launched in response to the September 2024 hot wallet breach.
KYC (Know Your Customer): An identity verification process required by financial regulators to prevent money laundering and fraud. BingX requires KYC for full platform access and higher withdrawal limits.
Multi-Factor Authentication (MFA): A security mechanism requiring two or more verification steps to access an account or authorize a withdrawal.
Address Whitelisting: A security feature restricting withdrawals to pre-approved wallet addresses only, with a confirmation delay for any new address additions.
UID (User ID): A unique account identifier used by TetherBack to link exchange accounts without requiring API key access.
About TetherBack
TetherBack is a crypto cashback and rewards platform built for active traders who want to reduce effective trading costs. By partnering with supported exchanges, TetherBack shares a portion of trading fee revenue back to users in the form of cashback.
The platform does not hold user funds and does not operate as an exchange. Traders continue to execute trades directly on their chosen exchange while earning rewards through the partnership structure.
TetherBack focuses on cost efficiency, transparency, and providing traders with a structured way to maximize value from their existing trading activity.