Centralized Exchange (CEX) Phemex suffered a hack on January 23 as one of its hot wallets was compromised with multiple digital currencies siphoned
On Thursday, Phemex, a Singaporean Web3 crypto-trading and investment platform, briefed users that it suspected its wallets were compromised. Crypto tokens worth $29 million were reportedly siphoned from hot wallets. Reports teased that the stolen tokens were converted to Ethereum (ETH).
Phemex Comes Under Attack
Updating users on what is happening, Federico Variola, Phemex’s founder, revealed the company’s investigation of the hot wallet hack. He assured that cold wallets remain safe and accessible to users.
A cold wallet, otherwise called offline or cold storage, is a crypto wallet that is never connected to the internet. The period of absolute isolation from the net is the main catch of cold wallets. It is designed to give secured backing to stored digital assets.
Following the hack, Phemex halted all withdrawal services to conduct inspection and strengthen wallet services. However, business operations continued with trading services largely uninterrupted.
Per reports, tokens worth about $29 million were stolen from Phemex’s coffers. Analysts say the hacking entailed “multiple suspicious transactions” from Phemex across several blockchains. The hacker has since converted the stolen funds into ETH.
Speculations of stolen assets ranged from USDC, USDT, ETH, LINK, and others.
The update from Phemex assured users that withdrawal activities will resume as soon as possible. The company also called for calm amidst several discomforts among users.
Hacking Trends, Precaution for All
In 2024, CertifK report revealed that total stolen assets topped the $2 billion milestone. The report noted that crypto-related hacking activities reduced YoY, but the value of stolen funds jumped up.
By Q3 last year, hackers had drained $750 million in only 155 incidents. However, with more incidents occurring in 2025, the $2 billion could increase this year.
There are speculations that Phemex could experience a repeat of the current hacking because the exchange lacks security measures. Analysts say Phemex has no D-rating, lacks security certificates that include CryptoCurrency Security Standard (CCSS) and has no bug bounty.
CCSS are requirements for all information systems using cryptocurrencies, from web applications to exchanges and crypto storage solutions.
Disclaimer: The information provided in this article is for informational purposes only. It does not constitute investment, financial, trading, or any other sort of advice. You should not treat any of BGECrypto’s content as such. BGEcrypto does not recommend that any cryptocurrency should be bought, sold, or held by you. Do your due diligence and consult your financial advisor before making any investment decisions.
