Phemex Exchange Hack

In January 2025, Phemex, a Singapore-based centralized cryptocurrency exchange (CEX), was hacked for approximately $73 million, marking one of the largest breaches of the year. The attackers targeted hot wallets holding Ethereum (ETH), Bitcoin (BTC), Binance Coin (BNB), Solana (SOL), Polygon (MATIC), and other digital assets. The breach was detected on January 23, prompting an immediate suspension of deposits and withdrawals as the exchange sought to contain the damage.

Despite the sizable loss, the market reaction was limited, largely due to Phemex’s mid-tier status. However, the incident sparked renewed concerns about hot wallet vulnerabilities, especially since early signs suggested possible involvement by the North Korea-linked Lazarus Group, known for similar large-scale cyber heists. Users criticized the exchange for lacking transparency about how the private keys were compromised, further shaking confidence.

In response, Phemex implemented a phased withdrawal resumption between January 24 and 26 for major assets including ETH, BTC, USDT, USDC, Solana, Arbitrum, Optimism, BSC, Polygon, and Base. A Proof of Reserves (PoR) report was released to reassure users that cold storage funds remained secure. While a compensation plan was promised, its details remained vague, and no recovery of the stolen assets had been confirmed. At least $29 million worth of funds were reportedly laundered into ETH before authorities could intervene.

The attack exposed serious gaps in Phemex’s security infrastructure—specifically the lack of multi-signature wallet protection, real-time anomaly detection, and proactive response mechanisms. Furthermore, the Monetary Authority of Singapore (MAS) issued no public statement, leaving regulatory actions uncertain.

Ultimately, the Phemex hack serves as a cautionary tale, stressing the urgent need for improved hot wallet security, transparency through timely post-mortem disclosures, and stronger regulatory oversight. Without clear accountability and enhanced safeguards, user trust in mid-sized CEXs will remain precarious.