Hackers Target Phemex Hot Wallets, Steal Ethereum and Other Assets

Highlights:

• Phemex lost $70 million through a cyberattack by the North Korean hackers targeting hot wallets.
• Phemex has assured users that the cold wallets are safe and withdrawals will resume soon.
• The timing enabled the attackers to blend their transactions into normal trading activity.

Phemex, a cryptocurrency exchange based in Singapore lost more than $70 million in their security breach on January 23. Blockchain analytics firm PeckShield has noted that the exploit targeted the exchange’s hot wallets across multiple blockchain networks. Several major cryptocurrencies were impacted in the attack causing substantial financial loss.

#PeckShieldAlert #Phemex has been hacked, resulting in a loss of ~$69.1M worth of cryptos.
Here is our latest summary of stolen #Phemex funds in multiple chains: https://t.co/O3GgZOccPJ pic.twitter.com/IdWDNcNZj7

— PeckShieldAlert (@PeckShieldAlert) January 24, 2025

The hackers were able to drain up to $20 million worth of ETH and stablecoins. They got away with XRP worth $13 million and Solana worth $17 million. The attackers targeted stablecoins such as Tether and USD Coins. They immediately converted the stablecoins to Ethereum. They used the tactic to avoid redlisting mechanisms and increase liquidity for the stolen assets.

The multi-chain nature of the attack demonstrated the attackers’ technical expertise. Hacken analysts suggest that the culprits might be linked to North Korea. The incident is one of the biggest cryptocurrency hacks of 2025 to date.

Actions Taken After the Security Breach

After the breach, Phemex made every effort to protect other assets. Security firms flagged unusual activity, and the exchange suspended withdrawals immediately. Phemex CEO Federico Variola tweeted reassurance on X that the cold wallets were secure and that users could check them.

Phemex will execute its withdrawal service restoration through sequential deployment phases. On Jan 24, Variola announced the resumption of limited USDT and USDC withdrawal options. Users must submit withdrawal requests on the platform, which are then manually checked by staff for security.

Hello all, we estimate to resume USDT and USDC withdrawals in approximately 6 hours from now, securing the hot wallets architecture remains the main priority, thank you for the understanding.
Other services like MemeX will also reprise around that time, and as usual PoR is…

— Federico0x @Phemex (@Federico0x) January 24, 2025

Phemex solved the issues that customers had. Through the company’s official website, users can check the safety status of their assets. The company apologized for interrupting withdrawals and promised to share the details of the compensation plan soon.

Details of the Phemex Hack and Ongoing Investigation

The hackers used advanced techniques to target wallets on multiple blockchain networks. Moreover, Security logs show that the attackers found ways to consolidate the stolen assets and quickly convert them to Ethereum.

The investigations into the breach indicate that the attackers used automated scripts to help speed up the process of transfer and conversion of the assets. This tactic makes it hard for the platform to freeze or recover the stolen assets. Phemex has not revealed the exact technical details of how the exploit occurred. The exchange has assured the customers that it is working with blockchain security firms to trace the funds.

The attack happened during peak Asian trading hours, which might have delayed its initial detection. The timing enabled the attackers to blend their transactions into normal trading activity. The technical expertise behind the approach and rapid asset consolidation indicates that experts made the hack.

Meanwhile, blockchain security firms have collaborated to identify if the stolen funds have appeared on other exchanges or services. These efforts may help recover and limit the impact of the hack.