At least $69 million stolen from crypto platform Phemex in suspected cyberattack

Singapore-based cryptocurrency platform Phemex was forced to pause some of its operations on Thursday after a suspected cyberattack led to the theft of more than $69 million in digital coins. 

The company’s CEO said on Friday morning that they are in the process of restoring withdrawals on the platform and will be manually reviewing requests to pull money out of Phemex for the time being. 

“We have also taken a snapshot of all users' balances as of 12pm UTC for a reward for your support and loyalty, more on this soon,” Phemex CEO Federico Variola said. 

Variola previously said they were testing their system but had to take extra time “due to the sophistication of the threat actor.”

The issues began on Thursday morning, when several blockchain security companies reported seeing millions of dollars worth of cryptocurrency flowing out of the platform. 

Researchers at blockchain security firm Cyvers initially saw suspicious transactions involving $29 million worth of cryptocurrency leaving Phemex. 

Blockchain security company PeckShield told Recorded Future News that a final tally of the losses showed more than $69 million worth of ETH, Bitcoin, Binance coin and other cryptocurrency had been stolen. 

The company did not respond to requests for comment about the losses but apologized to customers on social media. 

“Phemex and the development team apologize for the disruption. Our mission to provide a seamless and trusted trading environment remains firm,” the company explained. “We are working on a compensation plan, which will be announced soon. Our ongoing business operations are fine. Trading services continue as usual.”

Phemex said it has approval to operate in the U.S., Canada, Turkey and Lithuania, with more than five million users worldwide. 

Two other Singapore-based cryptocurrency platforms — Penpie and BingX — have been attacked by hackers over the last six months. In September, nearly $30 million was stolen from Penpie while $44 million was taken from BingX. 

Several experts that spoke to The Block, a cryptocurrency news site, said the technical sophistication of the attack and the way the funds were siphoned from the platform showed it was done by experienced actors — with at least two people pointing out North Korea.

North Korean government hackers have been repeatedly accused by U.S. law enforcement and several other governments of being behind many of the largest crypto thefts. 

Last week, the U.S., Japan and South Korea released a joint statement warning the crypto industry that North Korea would continue to target their platforms in 2025 after multiple headline-grabbing incidents last year, including the thefts of $308 million from DMM Bitcoin and $235 million from WazirX.

“Our three governments strive together to prevent thefts, including from private industry, by the DPRK and to recover stolen funds with the ultimate goal of denying the DPRK illicit revenue for its unlawful weapons of mass destruction and ballistic missile programs,” the countries said.

Blockchain security firm Chainalysis released a report in recent weeks that said hacking groups connected to North Korea’s government stole $1.34 billion worth of cryptocurrency across 47 incidents in 2024. 

Experts at the United Nations are still investigating 58 cyberattacks on cryptocurrency firms allegedly conducted by North Korean hackers that allowed attackers to rake in about $3 billion over a six-year span.