Phemex Exchange Reports $29 Million Hot Wallet Security Breach

TLDR

• Phemex crypto exchange suffered a security breach on January 23, 2025, resulting in approximately $29 million stolen from their hot wallets across multiple blockchains including BNB, ETH, OP, POL, BASE, and ARB
• Security firm Cyvers detected suspicious transactions and reported that the stolen assets were being converted to Ethereum (ETH)
• Phemex CEO Federico Variola confirmed they are investigating the incident and assured users that cold wallets remain secure
• The exchange has temporarily suspended all withdrawals while conducting emergency inspections
• The attack targeted only hot wallets, while cold storage remains unaffected and verifiable through Phemex’s website

The Singapore-based cryptocurrency exchange Phemex experienced a security breach on January 23, 2025, resulting in the theft of approximately $29 million in digital assets from its hot wallets. The incident affected multiple blockchain networks and prompted an immediate suspension of withdrawals from the platform.

Blockchain security firm Cyvers first raised the alarm after their systems detected several suspicious transactions originating from Phemex’s hot wallets. The unauthorized transfers occurred across various blockchain networks, including BNB Chain, Ethereum, Optimism, Polygon, Base, and Arbitrum.

UPDATECEO of @Phemex_official has confirmed that they are investigating recent incident and their cold wallets are remains safe!

Read more https://t.co/tbb5gckG8l
Want to secure your assets and prevent future attacks? Book a Demo today! https://t.co/vDCEKjRHz3… https://t.co/YQ3pyZO3Um pic.twitter.com/HNUdtRUjhC

— Cyvers Alerts (@CyversAlerts) January 23, 2025

The attack specifically targeted Phemex’s hot wallets, which are digital wallets connected to the internet for daily operations. The exchange’s cold wallets, which store digital assets offline for enhanced security, remained untouched during the incident.

According to Cyvers’ analysis, the attackers began immediately converting the stolen assets to Ethereum after gaining control of the funds. This conversion pattern is common in crypto attacks as perpetrators attempt to consolidate stolen assets into more liquid cryptocurrencies.

Phemex CEO Federico Variola addressed the situation promptly through the company’s official X (formerly Twitter) account. He confirmed that the exchange was investigating the reports while emphasizing that user funds in cold storage remained secure.

Hello everyone, as we look into a report on one of our hot wallets rest assured our cold wallets remain safe and can be checked by everyone here, will post more updates shortlyhttps://t.co/5d9obJcPjS

— Federico0x @Phemex (@Federico0x) January 23, 2025

The exchange took immediate action by implementing a temporary freeze on all withdrawals. This measure allows the platform to conduct emergency security inspections and prevent any further unauthorized transactions.

Phemex has maintained transparency throughout the incident by encouraging users to verify the safety of their cold wallet holdings through the exchange’s website. This verification feature provides customers with real-time confirmation that the majority of the platform’s assets remain secure.

The $29 million theft spans across several blockchain networks, highlighting the sophisticated nature of the attack. The incident demonstrates the vulnerabilities that can exist in hot wallet systems, even with modern security measures in place.

The timing of the attack occurred during Asian trading hours, when many of the region’s crypto traders are most active. This timing potentially allowed the attackers to blend their activities with normal trading patterns.

As news of the breach spread, the crypto security community began tracking the movement of the stolen funds across various blockchain networks. This monitoring helps exchanges and law enforcement identify and potentially freeze assets if they appear on other platforms.

The attack represents one of the largest cryptocurrency exchange breaches of 2025 so far, though it falls short of some historical crypto heists that have exceeded hundreds of millions of dollars.

Phemex has not yet revealed specific details about how the attackers gained access to their hot wallet systems. The exchange’s security team continues to investigate the root cause of the breach.

The company has assured users that it will provide regular updates as the investigation progresses. However, they have not yet announced a timeline for when withdrawals might resume.

Security experts note that the attackers’ rapid conversion of stolen assets to Ethereum suggests a predetermined strategy to maximize their ability to move and potentially launder the stolen funds.

The incident has led to increased monitoring of major cryptocurrency exchanges and blockchain bridges, as stolen funds often pass through these channels in the aftermath of such attacks.

The post Phemex Exchange Reports $29 Million Hot Wallet Security Breach appeared first on Blockonomi.