Hacking activities resulted in a loss of $70 million in what stands as the biggest cryptocurrency heist of 2025 to date, targeting Phemex, the Singapore-based crypto exchange. The exchange’s hot wallets enabled hackers to break into its system, according to blockchain analytics firm PeckShield on January 23.
PeckShield documented the cryptocurrency theft from wallets operating on Ethereum, Solana, XRP, and Bitcoin systems. An attacker drained a total of $69.1 million from the platform, while Ethereum suffered most from the attacks. Theft of $20 million worth of Ethereum-based assets continuing both ETH tokens and stablecoins was reported. The stolen assets from Solana amount to $17 million, with XRP holding $13 million and Bitcoin losing $5.3 million.
Hackers Convert Stolen Stablecoins to Avoid Sanctions
The unidentified hackers moved between instant actions by changing stolen Tether (USDT) and USD Coin (USDC) into ETH for protection from likely sanctions. The hackers behind this attack showed connections to North Korea, where state-operated criminal hackers maintain their operations, according to cybersecurity company Hacken.
Phemex CEO Federico Variola assured users that the exchange’s cold wallets continue to be safe from any threats. USDT and USDC withdrawal capabilities will receive gradual restoration according to Variola’s January 24 announcement on X (formerly Twitter), which also mentioned manual security team audits on all withdrawal requests. Variola announced BTC withdrawals would resume shortly and reassured Bitcoin wallets remained unaffected by the attack.
While the attack caused massive damage to the platform, the CEO promised full transparency and promised user compensation future payments. He promised to release further information about the compensation program soon after.
The hack surpasses the $21 million FortuneWheel BNB Chain exploit from earlier this year to become the year’s largest crypto theft at present. Blockchain analytics together with cybersecurity experts track the stolen funds flowing into Ethereum wallets as they move between addresses.
Phemex, together with independent analysts, continue investigating the breach while details about the exploit remain unavailable. Hot wallet infrastructure represents one of the most vulnerable areas of crypto platforms since hackers disproportionately target this infrastructure.
The safety of user assets depends on exchange security protocols because industry experts demand better measures for hot wallet protection.
This current crypto theft joins numerous high-profile virtual currency heists to illustrate the ongoing necessity for digital financial security in a rapidly transforming sector.
