- Hackers stole $70M from Phemex hot wallets, impacting Ethereum, Solana, XRP, and Bitcoin.
- Phemex suspended withdrawals after detecting $29M in suspicious blockchain outflows.
- Cold wallets remain secure as Phemex plans USDT and USDC withdrawal restoration.
Singapore-based crypto exchange Phemex launched an investigation into an exploit that stole roughly $70 million from its hot wallets. On January 23, blockchain analytics company PeckShield verified the breach and detailed large unauthorized transactions exceeding $69.1 million across the Ethereum, Solana, XRP, and Bitcoin blockchains.
The hackers are suspected to be North Korean, and the attack was prompt as they traded the stolen Tether (USDT) and USD Coin (USDC) for Ethereum (ETH) to avoid blacklisting measures.
Hack Targets Ethereum, Solana, XRP, and Bitcoin Wallets
PeckShield revealed on January 24 that Phemex’s Ethereum, Solana, XRP, and Bitcoin wallets were hacked to transfer funds. Ethereum alone contributed to $20 million of stolen assets, including ETH and stablecoins. Solana had $17 million in losses, while XRP and Bitcoin losses were $13 million and $5.3 million, respectively.
Cyvers discovered that hackers performed 125 suspicious transactions throughout 11 distinct blockchain networks. Hackers promptly transformed their stolen Tether (USDT) and USD Coin (USDC) into Ethereum to prevent asset freezing while using decentralized networks for laundering purposes.
Immediate Response and User Reassurance
Phemex CEO Federico Variola confirmed that the exchange’s cold wallets were not compromised and are open to public inspection. The withdrawal of stablecoins such as USDT and USDC are being progressively restored, and the BTC withdrawal services will be enabled soon.
The exchange halted all withdrawal requests while performing a security audit to improve its wallet features. Variola pointed out that the security team is manually handling withdrawal requests to avoid further risks and errors in the course of the recovery process.
Phemex is also developing a compensation plan and will provide the details to its users after the investigation. The exchange apologized and renewed its promise to maintain a reliable trading platform in response to the disruption.
Rising Trend in Crypto Hacks
The Phemex breach depicts how cryptocurrency thefts are becoming more common in the industry. According to Cyvers, crypto theft occurred at a rate of more than $2.3 billion annually in 2024, which is 40% higher than in 2023. Furthermore, hackers affiliated with North Korean cyber criminals mainly attack centralized exchanges to exploit private key management and wallet structure.
Experts have pointed out that strong security procedures, including offline storage of private keys and live monitoring systems, are necessary tools against evolving online dangers. Off-chain transaction validation protocols function to identify possible blockchain transaction exploits before their implementation through pre-execution simulation and verification of transactions.
