The Singapore-based cryptocurrency exchange Phemex has suffered losses exceeding $70 million following a cyberattack believed to have been orchestrated by state-sponsored hackers from North Korea. On Thursday, January 25, the platform detected suspicious activity and promptly suspended withdrawals. At that point, approximately $30 million had been stolen, but the attack persisted, significantly amplifying the total damage.
Federico Variola, the CEO of Phemex, assured users via the social media platform X that the exchange’s cold wallets remained secure and promised to provide updates as the investigation unfolded. Meanwhile, the stolen assets began moving across various blockchains.
Transaction analysis revealed that the attackers targeted multiple blockchains, including Ethereum, Avalanche, Binance Smart Chain, Solana, and Tron. The heaviest losses were sustained in BTC, ETH, SOL, and the stablecoins USDC and USDT. To keep the stablecoins from being frozen, the hackers swiftly converted them into ETH and other assets.
According to the research platform Arkham, the attackers employed a sophisticated but manually executed strategy, transferring assets through numerous addresses and chains to complicate tracking efforts. The attack involved at least eight Ethereum addresses and dozens of others across Layer 2 platforms.
Suspicions of North Korean involvement stem from the resemblance between the methods used and those of previous attacks, such as the TraderTraitor operation, which resulted in the $308 million theft from Japan’s DMM exchange. Experts have noted that this attack was likely carried out by a highly skilled group with a history of similar breaches.
Phemex has announced that its investigation is ongoing and that it is formulating a compensation plan for affected clients. As of now, the exchange manages approximately $1.8 billion in assets, of which $1.1 billion is allocated to its native token, PT.