QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$69 089 000 USD
JANUARY 2025
GLOBAL
PHEMEX
DESCRIPTION OF EVENTS

Phemex is a crypto trading platform offering a variety of services to users, including spot trading, contract trading, and margin trading. The platform supports multiple methods for buying crypto, such as P2P trading, bank transfers (SWIFT, ACH, SEPA), and credit/debit cards with low fees. Phemex offers users up to $4,800 in welcome rewards and provides access to over 372 contract pairs and 454 spot pairs, with leverage up to 100x and minimal fees. Additionally, users can earn passive income through Phemex Earn, with up to 18.8% APY on crypto savings and staking options in the Launchpool.
The platform is recognized for its user-friendly experience, and is trusted by prominent individuals and media outlets. It also has partnerships with institutions like Dauphine University for DeFi research. Phemex prioritizes security, transparency, and a smooth trading experience, offering a mobile app for trading on the go.
"Early security analysis by Hacken points to an access control breach that handed the attacker complete control over Phemex's hot wallets."
Hacken reports they were "hacked for ~$30M" in an early tweet.
PeckShield reports $69.1m.
$73 million according to Rekt.
"PeckShield rang the first alarm bell early on January 23rd, spotting suspicious outflows that would make a bank robber blush.
Within minutes, Cyvers' systems were lighting up like a Christmas tree, detecting over $29 million in suspicious transfers across multiple chains, but this was just the preview.
The protocol's response followed the familiar centralized exchange playbook - suspend withdrawals first, ask questions later.
Phemex's CEO Federico Variola rushed to Twitter with the standard "our cold wallets are safe" reassurance, as if that somehow made the hot wallet massacre any less painful."
"Hello everyone, as we look into a report on one of our cold wallets rest assured our cold wallets remain safe and can be checked by everyone here, will post more updates shortly"
"Hello all, we are currently carefully testing our system to reprise withdrawals as soon as possible. Due to the sophistication of the threat actor we cannot rush this stage. The estimated timeline to reprise full operations is within 24h, thank you for your support."
"Hello all, we are progressively restoring USDT and USDC withdrawals, all reqs will be manually reviewed by our security team, so please be patient with the queue time. We have also taken a snapshot of all users' balances as of 12pm UTC for a reward for your support and loyalty, more on this soon. BTC withdrawals will be enabled soon, BTC wallets were unaffected"
"Hello all, we are processing all failed txs and have added support for several chains, you can follow up with customer support via live chat if any tx has not been credited yet. All operations are thoroughly checked by our team, so please be patient, all txs will be credited. Next we will work with several third parties to certify that our systems are secure, thank you all for your support."
Phemex is a crypto trading platform offering a variety of services to users, including spot trading, contract trading, and margin trading. The platform suffered a major hack on January 23, 2025, resulting in a $69m+ loss due to a security breach in their hot wallets. The attacker exploited vulnerabilities across 16 different blockchains, draining wallets from Ethereum to Solana, Avalanche, and others. Despite quick responses to suspend withdrawals and reassure users about cold wallet security, the attack revealed serious flaws in Phemex’s multi-chain strategy and access control. PeckShield and Cyvers detected suspicious transfers, but the attack was too swift, with funds being drained across multiple chains simultaneously. The breach exposed the risks of not properly securing hot wallets and highlighted the potential dangers of multi-chain support without robust security measures. The exchange promised a compensation plan but faces significant criticism for its handling of wallet management and multi-chain custody.
Rekt - Phemex - Rekt (Jan 27)
Phemex: Buy, Sell, & Secure Your Crypto | Trade BTC & Derivatives (Jan 27)
@Federico0x Twitter (Jan 27)
@Federico0x Twitter (Jan 27)
@Federico0x Twitter (Jan 27)
@Federico0x Twitter (Jan 27)
@Federico0x Twitter (Jan 27)
@peckshield Twitter (Jan 27)
@PeckShieldAlert Twitter (Jan 27)
Ethereum Transaction Hash (Txhash) Details | Etherscan
(Jan 27)
Token Transfer | Etherscan
(Jan 27)
Token Transfer | Etherscan
(Jan 27)
Phemex
(0x50be13b54f3eebbe415d20250598d81280e56772) | Address 0x50be13b54f3eebbe415d20250598d81280e56772 | Etherscan
(Jan 27)
@Phemex_official Twitter (Jan 27)
@hackenclub Twitter (Jan 27)
@CyversAlerts Twitter (Jan 27)
@CryptooAdy Twitter (Jan 27)
https://www.theblock.co/post/336754/north-korea-hack-group-possibly-behind-70-million-phemex-exploit-experts-say (Jan 27)
