top of page

Phemex Loses $29 Million in Sophisticated Hot Wallet Breach

Writer's picture: Blockonome GnomeBlockonome Gnome

Withdrawal suspensions and investigations underway after major crypto theft.


Withdrawal suspensions and investigations underway after major crypto theft.

Singapore-based cryptocurrency exchange Phemex is grappling with a significant security breach that resulted in the theft of $29 million in digital assets from its hot wallets. The attack, which occurred on January 23, 2025, targeted multiple blockchain networks and forced the exchange to temporarily suspend all withdrawals as it investigates the incident and strengthens its security measures.


The breach was first detected by blockchain security firm Cyvers, which identified suspicious transactions originating from Phemex’s hot wallets across six major blockchain networks: BNB Chain, Ethereum, Optimism, Polygon, Base, and Arbitrum. Cyvers reported that the stolen funds were being quickly converted into Ethereum, a strategy often employed by attackers to consolidate assets into a more liquid cryptocurrency. This immediate conversion highlights the sophistication of the perpetrators and their ability to act quickly before detection.


Hot wallets, which are essential for daily cryptocurrency transactions due to their internet connectivity, were the specific target of the attack. Fortunately, Phemex’s cold wallets, which store assets offline and are considered far more secure, were not compromised. In a public statement on the company’s official X (formerly Twitter) account, Phemex CEO Federico Variola reassured users that their funds in cold storage were safe and verifiable through the platform’s real-time tracking feature. “Our cold wallets remain fully secure, and users can confirm this directly on our website,” Variola stated, emphasizing the company’s commitment to transparency amid the crisis.


The attack occurred during peak Asian trading hours, potentially allowing the attackers to obscure their activities within regular trading patterns. Phemex responded by freezing all withdrawals across the platform to prevent further unauthorized transactions and to conduct emergency inspections of its systems. This decisive action was intended to limit the damage and reassure users that the exchange was taking immediate steps to protect their funds.


The stolen funds were siphoned across multiple blockchains, underscoring the complexity and scale of the breach. Security experts have noted that the attackers displayed advanced tactics, gaining access to the hot wallets and executing transactions in a manner designed to evade detection. The incident demonstrates the inherent vulnerabilities of hot wallet systems, even as exchanges continue to implement modern security measures.


The breach represents one of the largest crypto exchange heists in 2025 to date, though it does not reach the scale of some historic attacks that have resulted in losses exceeding hundreds of millions of dollars. Phemex has not yet disclosed the specific vulnerabilities that were exploited, but its security team is actively investigating the root cause of the attack. Law enforcement and blockchain monitoring efforts are now focused on tracking the stolen assets, with the aim of identifying and potentially freezing them if they appear on other platforms.


As the news spread, the crypto community and security firms began closely monitoring the situation. Analysts noted that the attackers’ rapid conversion of the stolen funds to Ethereum suggests a well-planned strategy to maximize their ability to launder and move the assets. The incident has raised broader concerns about the security of cryptocurrency exchanges and highlighted the importance of robust defense mechanisms against increasingly sophisticated threats.


Phemex has promised regular updates to its users as the investigation progresses but has not provided a timeline for when withdrawals will resume. While the exchange has managed to maintain transparency during the crisis, the breach serves as a stark reminder of the risks associated with managing hot wallets in the volatile and fast-moving world of cryptocurrency.


photo source / Blockonome

コメント


Top Stories

Bring global cryptocurrency news straight to your inbox. Sign up for our monthly newsletter.

Thanks for subscribing!

© 2025 by Blockonome. 

Blockonome's content is meant to be informational in nature and should not be interpreted as investment advice. Trading, buying or selling cryptocurrencies should be considered a high-risk investment and every reader is advised to do their own research before making any decisions.

bottom of page