In response, Phemex temporarily suspended withdrawals and is working on a compensation plan.
Singapore-based cryptocurrency exchange Phemex has fallen victim to a reported hack, continuing the trend of security vulnerabilities in digital asset exchanges.
Meir Dolev, the co-founder and CTO of blockchain security firm Cyvers, issued an urgent alert on January 23rd regarding suspicious activity involving one of Phemex’s hot wallets.
Dolev detected 125 suspicious transactions across 11 blockchain networks, including Binance Smart Chain (BNB), Ethereum (ETH), Optimism (OP), Polygon (POL), Base, and Arbitrum (ARB).
Over $29 million worth of digital assets have reportedly been drained so far, while some of the tokens and stablecoins have already been swapped to avoid freezing.
This was further confirmed by Hacken’s update, which revealed that the hacker’s address (0x5B344) received stolen funds and quickly distributed them to two other addresses. Specifically, the perpetrator transferred 744,696 USDT to address 0x17BCC and 1,767,957 USDC to address 0x6C42F. Both receiving addresses swiftly converted these stablecoins into Ethereum to evade potential blacklisting that could freeze the stolen assets.
Shortly thereafter, Phemex CEO Federico Variola said that the team is looking into one of the exchange’s hot wallets. The cold wallets, however, remain safe.
In its statement, Phemex announced the temporary suspension of withdrawals but assured that there had been no disruptions in its business operations and that trading services continue as usual.
“To ensure security, withdrawals have been temporarily suspended while we conduct an emergency inspection and strengthen wallet services. We sincerely apologize for the inconvenience. Withdrawals will be restored soon.”
Phemex also added that the team is currently working on a compensation plan for those affected.