BingX reported abnormal network access on September 19 after attackers drained about $44.7 million from hot wallets across Ethereum, BNB Chain, Polygon, and other networks. Public tracking by Tayvano, PeckShield, Cyvers, SlowMist, and others identified multiple exploiter wallets and rapid cross-chain fund movement while the exchange suspended withdrawals and moved remaining assets. Cyvers noted that the use of multiple wallets to swap altcoins into ETH and BNB before consolidation resembled tactics seen in past Lazarus operations, but the source leaves the attribution speculative. The incident is most useful for DPRK tracking as a possible Lazarus-style cryptocurrency theft pattern, not as confirmed Lazarus activity.