Cybercrime

Hackers Drain Over $85 Million From Crypto Exchange Phemex

Hackers stole more than $85 million in crypto assets from hot wallets at cryptocurrency exchange Phemex.

Singapore-based cryptocurrency exchange Phemex has fallen victim to a cyberattack that resulted in the theft of over $85 million worth of assets.

The incident occurred on January 23, when multiple suspicious transactions were observed across several blockchains, with an initial estimate setting the potential losses at $29 million.

Over the weekend, however, the estimate grew to more than $85 million, as more fraudulent transactions were identified across 16 blockchains.

Phemex immediately suspended deposits and withdrawals for most chains, temporarily halted withdrawals for Bitcoin and Ethereum, and released a Proof of Reserves (POR) for transparency.

“We quickly activated our emergency response mechanism, suspended related functions, and began addressing potential vulnerabilities. The affected devices have been identified and isolated, and we have reported the matter to third-party security firms and law enforcement for further support and action,” Phemex said in an incident notice.

The cryptocurrency exchange resumed withdrawals over the weekend, informing users that it had updated its deposit address and that transactions would likely take longer, as deposits sent to the old address would be manually reviewed and credited.

“Our new system is now live and routinely monitored by our cybersecurity partner, with significant improvements in security and reliability. All operations have been gradually restored, and we ensure the absolute safety of user assets,” the crypto exchange announced.

On Thursday, Phemex said on X (formerly Twitter) that it was working on a compensation plan that should be announced soon, and that trading services remained operational.

Shortly after, Phemex CEO Federico Variola said on X that the attack was orchestrated by a sophisticated threat actor, without attributing it to a known group.

The heist was reportedly perpetrated by experienced hackers, possibly linked to North Korea, given the precision of the operation: funds were manually drained from hot wallets across multiple chains at the same time, tokens were immediately swapped, and assets were sent to new addresses for laundering.

According to researchers, an access control breach was the root cause of the incident, as it provided attackers with control over Phemex’s hot wallets.

The US, Japan, and South Korea reported recently that North Korean hackers stole roughly $660 million in cryptocurrency last year.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.
