HQ/EMEAFind out how we can help your business
The cryptocurrency exchange Phemex recently fell victim to a major cyberattack, losing over $85 million in digital assets. The incident, which took place on January 23, affected the platform’s hot wallets while its cold wallets remained secure.
Upon detecting unusual activity, Phemex quickly activated its emergency protocols. Deposits and withdrawals were immediately suspended, and proof of reserves was published to maintain transparency. According to the exchange’s CEO, Federico Variola, the affected devices were promptly identified, isolated, and reported to third-party security experts and law enforcement agencies for further investigation.
Initial reports suggested the stolen cryptocurrency was worth $29 million. However, subsequent analyses raised the figure to $69 million, which later climbed to $85 million, according to MetaMask’s Taylor Monahan. This evolving estimate highlights the magnitude of the attack, which has left users and security experts reeling.
In response to the breach, Phemex implemented a new and enhanced security system monitored closely by its cybersecurity partners.
Withdrawals are being restored in phases, with major cryptocurrencies like Ethereum (ETH), Tether (USDT), and USD Coin (USDC) re-enabled on Ethereum by Friday. Solana-based tokens followed on Saturday, while assets on Arbitrum, Optimism, Binance Smart Chain (BSC), Polygon, and Base became accessible by Sunday.
Users have been advised to avoid using old deposit addresses, as these transactions may require manual review and cause delays. Those with pending deposits are encouraged to reach out to customer support for assistance.
Large-scale cryptocurrency heists are often attributed to North Korean hacking groups, particularly the Lazarus Group, which specialises in these operations. Last year, the FBI linked the TraderTraitor threat group, allegedly operating under North Korea, to a $308 million Bitcoin hack in May 2024. Reports estimate North Korean hackers were responsible for $659 million to $1.3 billion in crypto thefts in 2024 alone.
While the Phemex attack remains under investigation, CEO Variola described the attackers as “sophisticated,” though he refrained from disclosing details that might aid attribution. As of now, the perpetrators remain unidentified, leaving a shadow of uncertainty over the incident.
This breach serves as yet another reminder of the vulnerabilities within the cryptocurrency landscape. As the industry handles these risks, exchanges are under increasing pressure to fortify their defences to protect users’ digital assets.
