On the evening of January 23, the cryptocurrency exchange Phemex, headquartered in Singapore, became the target of a serious attack. According to cybersecurity experts, the hacker group behind this incident is believed to have ties to North Korea. They carried out a total of 275 transactions across multiple Blockchains, including Ethereum, Arbitrum, Base, Polygon, Optimism, zkSync and some other platforms, to steal assets from the exchange's hot wallets.
The total damage recorded was over 70 million USD, with notable amounts of prominent assets such as 16 million USD in SOL, 12 million USD in XRP, 5 million USD in BTC and many other altcoins. The diversity of the stolen cryptocurrencies reflects the sophistication in the planning and execution of this attack by the hacker group.
Phemex, one of the highly-rated cryptocurrency exchanges, is currently ranked 55th in trading volume and 37th in reliability on CoinGecko. With this incident, the exchange has quickly announced that they are planning to compensate the affected users. This is one of the actions to maintain customer confidence after becoming a victim of one of the biggest hacks at the beginning of 2025.
The hacker group is said to have temporarily ceased operations after completing the heist. Security experts believe they may be preparing steps to launder the stolen assets. Typically, hackers will use methods such as splitting assets, transferring across multiple Blockchains, or utilizing mixing services to cover their tracks. Tracking and tracing these transactions will be a major challenge for investigative agencies and Blockchain security companies.
The incident at Phemex not only raises concerns about security at cryptocurrency exchanges, but also once again emphasizes the role of North Korea in cyber-attack activities. In recent years, hacker groups from this country have continuously carried out major attacks targeting decentralized finance platforms and cryptocurrency exchanges to fund their military development programs.
This incident serves as a strong reminder for cryptocurrency exchanges globally to enhance their system security, especially protecting hot wallets - the primary targets of hackers. In the context of the rapidly growing Blockchain industry, improving cybersecurity and raising user awareness will play a crucial role in mitigating risks.
