SecurityWeek

Hackers Drain Over $85 Million From Crypto Exchange Phemex

Hackers stole more than $85 million in crypto assets from hot wallets at cryptocurrency exchange Phemex.

Singapore-based cryptocurrency exchange Phemex has fallen victim to a cyberattack that resulted in the theft of over $85 million worth of assets.

The incident occurred on January 23, when multiple suspicious transactions were observed across several blockchains, with an initial estimate setting the potential losses at $29 million.

Over the weekend, however, the estimate grew to more than $85 million, as more fraudulent transactions were identified across 16 blockchains.

Phemex immediately suspended deposits and withdrawals for most chains, temporarily halted withdrawals for Bitcoin and Ethereum, and released a Proof of Reserves (POR) for transparency.

“We quickly activated our emergency response mechanism, suspended related functions, and began addressing potential vulnerabilities. The affected devices have been identified and isolated, and we have reported the matter to third-party security firms and law enforcement for further support and action,” Phemex said in an incident notice.

The cryptocurrency exchange resumed withdrawals over the weekend, informing users that it had updated its deposit address and that transactions would likely take longer, as deposits sent to the old address would be manually reviewed and credited.

“Our new system is now live and routinely monitored by our cybersecurity partner, with significant improvements in security and reliability. All operations have been gradually restored, and we ensure the absolute safety of user assets,” the crypto exchange announced.

On Thursday, Phemex said on X (formerly Twitter) that it was working on a compensation plan that should be announced soon, and that trading services remained operational.

Shortly after, Phemex CEO Federico Variola said on X that the attack was orchestrated by a sophisticated threat actor, without attributing it to a known group.

The heist was reportedly perpetrated by experienced hackers, possibly linked to North Korea, given the precision of the operation: funds were manually drained from hot wallets across multiple chains at the same time, tokens were immediately swapped, and assets were sent to new addresses for laundering.

According to researchers, an access control breach was the root cause of the incident, as it provided attackers with control over Phemex’s hot wallets.

The US, Japan, and South Korea reported recently that North Korean hackers stole roughly $660 million in cryptocurrency last year.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
