A devastating blow struck the cryptocurrency world on January 23, 2025, when Phemex Exchange fell victim to one of the year’s largest security breaches.
Hackers infiltrated the platform's hot wallets across sixteen blockchains, including Ethereum, Solana, Ripple, and Bitcoin, making off with assets initially estimated at $29 million but later revised to over $85 million as audits continued.
The attack, which began around 11:30 UTC and concluded within two hours, exclusively targeted Phemex's hot wallets. Think of them as the exchange's cash registers; the cold wallets were untouched and remained safely locked in the digital vault. This breach illustrates why many investors choose cold storage solutions for long-term holdings rather than keeping assets in exchange-controlled hot wallets.
Major tokens like USDC, CRV, USDT, and AAVE disappeared faster than free samples at a grocery store, with stablecoins quickly swapped for ETH to avoid being blacklisted. The attacker drained a staggering 142 billion PEPE tokens from the exchange’s hot wallet, adding to the severity of the breach.
Security experts point to an access control failure that compromised private keys or wallet management systems.
Imagine keeping all your house keys on one ring—lose it once, and everything’s vulnerable.
Similarly, Phemex likely stored multiple hot wallet keys together, allowing hackers to execute a coordinated multi-chain theft reminiscent of previous attacks on platforms like XT.com.
The exchange responded by immediately suspending deposits and withdrawals, isolating hot wallets, and reporting the incident to law enforcement.
They published proof of reserves—essentially showing users what remained in the digital bank vault—while working to implement a more secure wallet infrastructure.
For users, the impact was immediate: transactions ground to a halt as Phemex worked to contain the damage.
The company warned customers against using old deposit addresses, much like changing locks after a break-in.
This incident, potentially linked to the notorious Lazarus Group, has broader implications for the cryptocurrency industry, highlighting vulnerabilities in multi-chain access control. According to government estimates, this attack contributes to the alarming North Korean haul of $659 million in cryptocurrency theft for 2024 alone.
It serves as a stark reminder that even as blockchain technology itself remains secure, the platforms that facilitate access to it can still present significant security challenges.