In the last week of January, the cryptocurrency exchange Phemex suffered a major security breach that, according to multiple reports, cost it more than $85 million in cryptocurrency. The initial estimate of losses from the January 23 breach was around $29 million; by the end of the weekend the figure had risen above $85 million.
The threat actor behind the Phemex hack has not been publicly identified, but the sophistication of the attack has led to speculation that North Korea-linked hackers were responsible. By one estimate, North Korean groups accounted for 61% of the $2.2 billion in cryptocurrency stolen in the previous year, including the $308 million DMM Bitcoin breach in May 2024.
Phemex published a detailed account of the incident on January 26. It said it had implemented emergency measures as soon as the breach was detected: deposits and withdrawals were temporarily suspended, the affected devices were identified and isolated, third-party security firms were brought in, the incident was reported to law enforcement, and a follow-up plan was drawn up. Phemex also told users that their funds were safe, pointing to its asset reserves and publishing a Proof of Reserves (POR) as evidence.
After applying security updates, Phemex said it had launched a new system, closely monitored by its cybersecurity partner, with stronger security controls and improved reliability. Operations resumed gradually, and the company pledged to keep optimizing its systems to prevent similar incidents.
Phemex CEO Federico Variola acknowledged the sophistication of the threat actor and said systems were being restored carefully for that reason. Taylor Monahan of MetaMask observed that the heist appeared to be the work of a group with prior experience in such operations: the attackers drained distinct assets across several chains in a coordinated fashion and swiftly swapped them for native assets, starting with the stablecoins whose issuers can freeze balances. Converting those first shrinks the window in which an issuer-side freeze could recover anything.
The incident has renewed interest in offchain transaction validation as a way to prevent such losses. Cyvers, a Web3 security firm, has introduced this technology and claims it could prevent a significant share of cryptocurrency hacks, including last year's $230 million WazirX hack.
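As an added example (not Phemex's, Cyvers', or any vendor's code), the following Python sketches what an offchain pre-signing check could look like when run over a withdrawal trace shaped like the pattern Monahan described: many distinct assets leaving one hot wallet across several chains within minutes, freezable stablecoins first. The thresholds, the freezable-asset list, the addresses and the amounts are all illustrative assumptions, and the trace is constructed for the example, not Phemex data.

```python
from collections import deque
from dataclasses import dataclass

# Assumption for this example: stablecoins whose issuers can freeze balances
# at the token contract, which is why a thief converts them to native assets first.
FREEZABLE_STABLECOINS = frozenset({"USDT", "USDC"})


@dataclass(frozen=True)
class Withdrawal:
    ts: int            # seconds since the start of the constructed trace
    chain: str
    asset: str
    amount_usd: float
    dest: str


@dataclass
class Policy:
    window_s: int = 600                    # sliding window the limits apply to
    max_usd_per_window: float = 1_000_000  # illustrative limits, not a real exchange's
    max_distinct_assets: int = 3           # a normal hot wallet drains one asset at a time
    max_distinct_chains: int = 2


class HotWalletGuard:
    """Offchain pre-signing check: the signer only signs what evaluate() approves."""

    def __init__(self, policy: Policy):
        self.policy = policy
        self.approved = deque()  # approved withdrawals still inside the window

    def _trim(self, now: int) -> None:
        while self.approved and now - self.approved[0].ts > self.policy.window_s:
            self.approved.popleft()

    def evaluate(self, w: Withdrawal) -> tuple:
        """Return (approved, reason). A False result means 'hold for manual review'.
        Held withdrawals do not count toward the window totals."""
        self._trim(w.ts)
        usd = sum(a.amount_usd for a in self.approved) + w.amount_usd
        if usd > self.policy.max_usd_per_window:
            return False, f"velocity: {usd:,.0f} USD in window exceeds limit"
        assets = {a.asset for a in self.approved} | {w.asset}
        if len(assets) > self.policy.max_distinct_assets:
            return False, f"asset spread: {len(assets)} distinct assets in window"
        chains = {a.chain for a in self.approved} | {w.chain}
        if len(chains) > self.policy.max_distinct_chains:
            return False, f"chain spread: {len(chains)} chains in window"
        self.approved.append(w)
        return True, "approved"


def replay(events, policy):
    """Run the guard over a trace in time order; return [(withdrawal, approved, reason), ...]."""
    guard = HotWalletGuard(policy)
    return [(w, *guard.evaluate(w)) for w in sorted(events, key=lambda e: e.ts)]


def freeze_targets(results):
    """Outflows that got through but an issuer can still freeze, provided the
    defender reaches the issuer before the thief swaps them to native assets."""
    return [(w.chain, w.asset, w.dest, w.amount_usd)
            for w, ok, _ in results if ok and w.asset in FREEZABLE_STABLECOINS]


def summarize(results):
    return {
        "approved": sum(1 for _, ok, _ in results if ok),
        "approved_usd": sum(w.amount_usd for w, ok, _ in results if ok),
        "held_usd": sum(w.amount_usd for w, ok, _ in results if not ok),
    }


# Constructed trace (not real data): one key draining many assets across
# chains within minutes, stablecoins first. Addresses are placeholders.
TRACE = [
    Withdrawal(0,   "ethereum", "USDT", 400_000, "0xATTACKER-A"),
    Withdrawal(20,  "ethereum", "USDC", 300_000, "0xATTACKER-A"),
    Withdrawal(45,  "tron",     "USDT", 250_000, "TATTACKER-B"),
    Withdrawal(70,  "ethereum", "ETH",  150_000, "0xATTACKER-A"),
    Withdrawal(95,  "bsc",      "BNB",    9_000, "0xATTACKER-A"),
    Withdrawal(120, "ethereum", "LINK",   6_000, "0xATTACKER-A"),
    Withdrawal(150, "ethereum", "UNI",    5_000, "0xATTACKER-A"),
]

if __name__ == "__main__":
    results = replay(TRACE, Policy())
    for w, ok, reason in results:
        print(f"t={w.ts:>3}s {w.chain:<8} {w.asset:<4} {w.amount_usd:>9,.0f} -> {reason}")
    print(summarize(results))
    print("still freezable by issuer:", freeze_targets(results))
```

A rejection here means "hold for human review", not a hard block. The point of the example is that an attacker holding the signing keys can make every individual withdrawal look normal; only a policy that sees the sequence (value, asset spread and chain spread in a sliding window) trips early, and in this trace it holds the fourth, fifth and seventh transfers. The freeze_targets output is the incident-response counterpart: the stablecoin outflows that got through are the only ones a counterparty can still claw back, and only until they are swapped.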
In conclusion, the Phemex hack serves as a stark reminder of the persistent threats faced by cryptocurrency exchanges and highlights the importance of robust cybersecurity measures in safeguarding digital assets from malicious actors. It also underscores the need for continued innovation in blockchain security to thwart evolving cyber threats effectively.