TLDR
- Singapore-based Phemex exchange lost $29 million in digital assets on January 23, 2025, through a targeted hot wallet attack
- Multiple blockchains were affected including Ethereum, BNB Chain, Optimism, Polygon, Base, and Arbitrum
- Security firm Cyvers identified that stolen funds were quickly converted to Ethereum
- Withdrawals have been temporarily halted during the investigation
- CEO Federico Variola confirmed cold wallets remain secure and verifiable
A sophisticated cyber attack targeting cryptocurrency exchange Phemex has resulted in the theft of $29 million worth of digital assets, marking one of the first major crypto security incidents of 2025. The breach occurred on January 23 and impacted the exchange’s hot wallets across several blockchain networks.
The incident came to light when blockchain security company Cyvers detected unusual transaction patterns from Phemex’s hot wallets. Their monitoring systems flagged multiple transfers that didn’t align with the exchange’s normal operational patterns.
Security logs revealed that the attackers managed to compromise hot wallets – internet-connected cryptocurrency storage systems – on six different blockchain networks: Ethereum, BNB Chain, Optimism, Polygon, Base, and Arbitrum. This multi-chain approach suggests a carefully planned operation.
Phemex CEO Federico Variola quickly addressed the situation through social media, confirming that the exchange was investigating the suspicious activities. He emphasized that user funds stored in cold wallets, which are kept offline for security purposes, remained untouched by the attack.
The exchange responded swiftly by implementing an immediate suspension of all withdrawal operations. This preventive measure aims to protect remaining assets while security teams conduct a thorough investigation of the breach.
Analysis of blockchain data shows that the attackers began consolidating their stolen assets almost immediately. They converted various cryptocurrencies into Ethereum, likely choosing ETH for its high liquidity and widespread acceptance across trading platforms.
The $29 million figure represents the combined value of assets taken across all affected blockchain networks. Each network lost different amounts, though specific breakdowns have not yet been released by Phemex or security researchers.
Blockchain security experts tracking the incident noted that the attackers demonstrated sophisticated knowledge of cross-chain operations. Their ability to simultaneously target multiple blockchain networks suggests careful preparation and technical expertise.
Users can currently verify the safety of their cold-stored assets through Phemex’s website, which provides real-time confirmation of cold wallet balances. This transparency measure helps reassure customers about the security of the majority of the exchange’s holdings.
The attack occurred during peak Asian trading hours, potentially allowing the malicious transactions to blend in with normal trading activity. This timing might have delayed initial detection of the suspicious transfers.
Phemex, which operates from Singapore, has not yet disclosed the technical details of how attackers gained access to their hot wallet infrastructure. The investigation into the root cause continues as security teams work to understand the attack vector.
The exchange has promised to maintain regular communication with users throughout the investigation process. However, they have not provided an estimated timeline for when normal withdrawal services might resume.
Cryptocurrency security firms have begun collaborative efforts to track the movement of the stolen funds. This monitoring helps identify if the assets appear on other exchanges or cryptocurrency services, potentially aiding in recovery efforts.
Initial analysis suggests the attackers used automated scripts to quickly move and convert the stolen assets. This rapid conversion strategy often makes it more challenging to freeze or recover stolen cryptocurrencies.
The incident adds to a history of hot wallet breaches in the cryptocurrency industry, highlighting the ongoing security challenges faced by digital asset platforms that maintain internet-connected wallets for daily operations.
Stay Ahead of the Market with Benzinga Pro!
Want to trade like a pro? Benzinga Pro gives you the edge you need in today's fast-paced markets. Get real-time news, exclusive insights, and powerful tools trusted by professional traders:
- Breaking market-moving stories before they hit mainstream media
- Live audio squawk for hands-free market updates
- Advanced stock scanner to spot promising trades
- Expert trade ideas and on-demand support
