$30 Million Hack Alert? Crypto Exchange Phemex Suspends Withdrawals After Suspicious Transactions

Crypto exchange Phemex appears to have been the victim of a multi-million exploit on Thursday, according to online reports. Millions worth of USDT, USDC, Ethereum (ETH), and other crypto assets were stolen from the exchange’s hot wallets, resulting in a temporary half of withdrawals.

On Thursday morning, the first crypto exchange hack of the year hit the industry. Multiple reports revealed suspicious activity involving Phemex’s hot wallets was taking place over several chains.

Blockchain security firm Cyvvers shared on X it had detected multiple transactions to several suspicious wallets on different chains, “including BNB, ETH, OP, POL, BASE, and ARB.”

The security firm’s initial report stated that over $29 million worth of crypto had been transferred to the suspicious addresses, later raising the sum. “Upon deeper analysis, it has come to light that both BTC and TRON blockchains have also been impacted, with the estimated total loss now reaching approximately $37 million,” the update read.

Cyvvers seemingly identified around 125 suspicious transactions spread across the different blockchains and noted that the attackers had started swapping the tokens to Ethereum (ETH) to avoid potential freezing measures.

Meanwhile, on-chain data analysis firm Lookonchain broke down the crypto heist, stating that the hack had taken around $31 million worth of crypto assets. According to the analysis, 3.48 million USDC, 3.42 million USDT, and 841 ETH, worth $2.7 million were drained from the exchange’s hot wallet.

Additionally, the attackers took 110,701 LINK, 142 billion PEPE, 1.19 million FET, and 29,509 AVAX, valued at around $7.3 million combined. Lookonchain also listed ONDO, TRX, CRV, JASMY, AAVE, SHIB, GRT, and BRETT, as part of the stolen crypto assets.

After the news, Phemex CEO Federico Variola confirmed the attack on one of the crypto exchange’s hot wallets. Variola assured users that Phemex’s cold wallets remained safe and that they were investigating the reports.

The exchange then announced on X the temporary halt of withdrawals due to the emergency inspection and strengthening of the security measures but did not offer further details about the incident.

To ensure security, withdrawals have been temporarily suspended while we conduct an emergency inspection and strengthen wallet services. We sincerely apologize for the inconvenience. Withdrawals will be restored soon. Phemex and the development team apologize for the disruption. Our mission to provide a seamless and trusted trading environment remains firm.

Nonetheless, the post stated that ongoing business operations were fine and that trading services continued as usual. Phemex’s team also revealed they are working on a compensation plan, which will be announced soon.

It’s worth noting that, in 2024, the number of hacks and total value lost increased from the year prior. According to Chainalysis data, 2024 was the fourth consecutive year in which the funds stolen from crypto hacks exceeded the billion-dollar mark.

Additionally, the total value stolen surged to $2.2 billion last year, and it became the year with the most individual hacks, reaching 303 incidents by December.

Centralized exchanges (CEXs) were the most targeted platforms in Q2 and Q3, recording some of the largest incidents in the industry’s history, while Decentralized finance (DeFi) platforms accounted for the largest share of stolen assets in Q1, like most quarters between 2021 and 2023.