Hackers steal $85 million worth of cryptocurrency from Phemex

The Phemex crypto exchange suffered a massive security breach on Thursday where threat actors stole over $85 million worth of cryptocurrency.

Following the Thursday cyberattack, the cryptocurrency exchange immediately suspended deposits and withdrawals and published proof of reserves for transparency.

According to Phemex’s CEO, Federico Variola, the incident only impacted hot wallets while cold wallets remained safe.

“On January 23, 2025, at 11:30 UTC, we detected unusual activity in our hot wallet,” reads the announcement on Phemex’s website.

“We quickly activated our emergency response mechanism, suspended related functions, and began addressing potential vulnerabilities.”

“The affected devices have been identified and isolated, and we have reported the matter to third-party security firms and law enforcement for further support and action.”

To ensure security, withdrawals have been temporarily suspended while we conduct an emergency inspection and strengthen wallet services. We sincerely apologize for the inconvenience. Withdrawals will be restored soon.

Phemex and the development team apologize for the disruption.… https://t.co/Gsqp2Fx7HP
— Phemex (@Phemex_official) January 23, 2025

The stolen crypto was initially estimated to be $29 million, but crypto security firm PeckShield raised the estimate to $69 million on Friday.

However, on Sunday, the estimates increased again, with MetaMask’s Taylor Monahan calculating the stolen crypto to be worth at least $85 million.

The cryptocurrency exchange and trading platform says it has set up a new, more secure system, which its cybersecurity partner closely monitors.

Withdrawals are being gradually restored, with ETH, USDT, and USDC on Ethereum restored Friday, SOL, USDT, and USDC on Solana on Saturday, and Arbitrum, Optimism, BSC, Polygon, and Base yesterday.

Phemex notes that old deposit addresses should no longer be used, as manual review may delay transactions. Users with deposits still pending crediting are advised to contact customer support to resolve any issues.

Crypto heists of such scale are commonly carried out by North Korean hackers such as the Lazarus group, who specialize in these operations.

Late last year, the FBI linked the North Korean threat group ‘TraderTraitor’ to the May 2024 hack of DDM Bitcoin, resulting in losses of $308,000,000.

A broader estimate released by the U.S. government earlier this month attributes $659,000,000 of cryptocurrency losses this year to North Korean hacks, whereas Chainalysis reported a higher amount at $1.3 billion for 2024.

Phemex CEO Variola mentioned on X that the threat actor and the attack were “sophisticated” but omitted any specifics that could provide pointers for attribution.

As of yet, the threat actors who stole $85 million from Phemex remain unidentified.