Pierluigi Paganini
January 27, 2025
Singapore-based crypto platform Phemex paused operations after a cyberattack that resulted in the theft of $69M. Phemex CEO Federico Variola stated they are restoring withdrawals and temporarily manually reviewing all requests.
On Thursday, researchers at the blockchain security firm PeckShield noticed a suspicious ‘outflow of large funds from the cryptocurrency platform.
Hi @Phemex_official, suspicious outflow of large funds from @Phemex_official hot wallets. pic.twitter.com/qT71TJHXPJ
— PeckShield Inc. (@peckshield) January 23, 2025
PeckShield announced that Phemex has been hacked, resulting in a loss of ~$69.1M worth of cryptos. The security firm published a summary of stolen Phemex funds in multiple chains:
#PeckShieldAlert #Phemex has been hacked, resulting in a loss of ~$69.1M worth of cryptos.
— PeckShieldAlert (@PeckShieldAlert) January 24, 2025
Here is our latest summary of stolen #Phemex funds in multiple chains: pic.twitter.com/ZxkCBkhq5m
The CEO reassured customers, noting a snapshot of user balances was taken at 12 PM UTC for a loyalty reward, with details to come.
Hello all, we are progressively restoring USDT and USDC withdrawals, all reqs will be manually reviewed by our security team, so please be patient with the queue time.
— Federico0x @Phemex (@Federico0x) January 24, 2025
We have also taken a snapshot of all users' balances as of 12pm UTC for a reward for your support and loyalty,…
Phemex, with over 5M users and approval to operate in several countries, joins other Singapore-based crypto platforms targeted by threat actors over the last months. Experts suspect the $69M theft was a sophisticated attack potentially linked to a nation-state actor.
North Korea’s APT groups are known for major cyber attacks against organizations in the crypto industry.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, cryptocurrency)
