Experts interviewed by The Block said that DPRK hackers were involved in the hack of Phemex for $70 million
The exchange announced that the withdrawal function would soon be restored
24.01.2025 - 12:00
446
2 min
0
What’s new? Singapore-based crypto exchange Phemex lost more than $70 million in a hot wallet hack on January 23. The attack affected the exchange’s assets in the BNB Chain, Ethereum, Optimism, Polygon, Base, Bitcoin, and TRON networks, which the attackers started converting into ETH for further laundering.
What else is known? By the time the attack was detected by third-party IS companies, the amount of losses was lower and Phemex suspended withdrawals to fix the vulnerability and conduct verification, but this did not prevent further leakage of tokens.
First of all, the hackers exchanged USDT from Tether and USDC from Circle for ETH stablecoins, as issuers can freeze assets involved in illegal activities. Also among the features of the attack is the fact that hundreds of different tokens were being withdrawn from multiple blockchains at the same time.
This suggests that the attack was carried out by a group of experienced attackers, noted MetaMask crypto wallet analyst Taylor Monahan in a comment to The Block.
An anonymous blockchain researcher under the nickname SomaXBT.eth claims the attack was carried out by hackers from North Korea.
Media report on the mass employment of DPRK developers in crypto startups
Since at least 2018, North Koreans have been infiltrating companies to make money in the face of sanctions, as well as organizing hacks
Phemex still holds about $1,8 billion worth of crypto assets, of which $1,1 billion is accounted for by the PT exchange token. The platform also holds $355 million worth of bitcoins and $209 million worth of USDT.
On January 24, the Phemex team said that withdrawal and deposit functions will be restored soon.
Useful material?
Telegram 
Twitter Incidents
Developers warned of potential risks to bridges across the ecosystem and asked exchanges for assistance.
Jun 22, 2026
Incidents
The defendant helped move funds stolen through investment scams and earned at least $4 million for his role in the operation.
Jun 10, 2026
Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Cryptocurrency rates
-
Bitcoin
$62 221
BTC
-3.54%
-
Ethereum
$2 551.16
ETH
+3.56%
-
BNB Smart Chain
$579.4
BSC
+1.23%
-
Ripple
$1.1
XRP
-3.6%
-
TRON
$0.160134
TRX
-1.59%
-
Dogecoin
$0.078572
DOGE
-5.43%
-
Zcash
$413.13
ZEC
-9.06%
-
Stellar XLM
$0.193431
XLM
-7.17%
-
Cardano
$0.150213
ADA
-5.78%
-
Polkadot
$3.32
DOT
+5.27%