TL;DR
- Phemex is looking into reports of a possible hack after one of its hot wallets was drained of $29m.
- Some security experts believe this may be another exploit perpetrated by state-sponsored attackers in North Korea.
Phemex Loses $29m in a Possible Hack
Singapore-based cryptocurrency exchange Phemex has announced that it is looking into reports of a hack after one of its hot wallets lost $29 million worth of cryptocurrencies.
Crypto security firm Cyvers reported "multiple suspicious transactions" from the Phemex hot wallet across multiple blockchains. The report added that the funds were swapped for Ether (ETH) following the exploit.
Phemex CEO Federico Variola wrote on X that the crypto exchange is currently looking into those reports.
Hello everyone, as we look into a report on one of our hot wallets rest assured our cold wallets remain safe and can be checked by everyone here, will post more updates shortly https://t.co/5d9obJcPjS
— Federico0x @Phemex (@Federico0x) January 23, 2025
However, multiple blockchain security experts suspect North Korean hackers are potentially behind the multi-million dollar exploit of the Phemex crypto exchange.
Phemex halted withdrawals on Thursday after several blockchain security firms alerted it to suspicious activity. The experts also believe the attacks continued and that more tokens were stolen, surpassing the initial $29 million.
Taylor Monahan, the principal security researcher for MetaMask, told The Block:
“In this case, we see a massive amount of distinct assets drained simultaneously across a multitude of chains. The tokens are then immediately swapped for the native asset, starting with the freezable stablecoins and then working down the list by value.”
Monahan pointed out that the attackers quickly swapped millions in stolen USDC and USDT, which can be frozen, for ETH. Afterward, the attackers started draining well-known tokens. For instance, the last three transactions brought in $1,000 worth of ARPA, $997 worth of ZRC, and $1,020 worth of NKN. Hundreds of different tokens were stolen, however.
According to Arkham, the attackers often left just pennies worth of lesser-known altcoins in the exchange’s wallets. Monahan added:
“All of this activity is happening simultaneously though, but it’s not scripted. Assets are manually sent to new addresses for swapping and then passed along to another fresh address once they are done. Then those assets will sit until the real laundering team picks them up next week or next month.”
Despite the attack, Phemex still holds approximately $1.8 billion worth of crypto assets. Most of the funds are in its native PT token, which accounts for $1.1 billion of its holdings. The exchange also holds $355 million worth of bitcoin and $209 million worth of USDT.