Singapore-based cryptocurrency exchange Phemex is investigating suspicious transactions involving its hot wallets, identified by security firm Cyvers.
More than $37 million worth of digital assets, including Bitcoin, Ethereum, and TRON, were reportedly affected across multiple chains.
Phemex suspends withdrawals
Phemex confirmed the incident and temporarily halted withdrawals. Cyvers note more than 125 suspicious transactions on hot wallets.
The exchange said its cold wallets, which hold the majority of users’ funds, remain secure and unaffected.
These wallets are fully transparent and verifiable, as highlighted by the exchange.
“Over 125 suspicious transactions moving funds from Phemex hot wallets to new wallets on different chains such as Ethereum, Polygon, Binance, Optimism, Polygon, Base, Avalanche, Bitcoin, Tron, Solana and probably more. Some tokens and stablecoins have already been swapped to avoid the freeze,” Meir Dolev, co-founder and CTO of Cyvers, told BeInCrypto.
Phemex is one of the largest crypto exchanges in Singapore. According to CoinGecko datathe exchange has a daily market volume of over $177 million and nearly 1 million monthly traffic.
“Phemex and the development team apologize for the disruption. Our mission to provide a transparent and reliable business environment remains firm. We are working on a compensation plan, which will be announced soon,” Phemex announcement on X (formerly Twitter).
The broader cryptocurrency market has faced increased security challenges this year. Reports show that losses from hacks reached $2.15 billion in 2024, with scams contributing another $834.5 million. This represents an increase in losses of 15% compared to 2023.
High-profile incidents involving platforms such as WazirX, Radiant Capital and DMM Bitcoin have revealed vulnerabilities in multisig wallets and DeFi protocols.
Additionally, scammers are increasingly leveraging professional platforms like LinkedIn to target crypto users.
Recent reports highlight how attackers use legitimate tools, such as video conferencing platforms and detailed job postings, to gain victims’ trust before carrying out their schemes.
Other platforms have also come under scrutiny due to potential security issues. Hyperliquid, a decentralized exchange, recently saw outflows of $60 million in USDC. This decision was motivated by rumors of violations linked to the North Korean group Lazarus.
The company denied any hacking but acknowledged suspicious activity involving ETH deposits and withdrawals.
The growing adoption of cryptography has made security an increasingly critical priority for the industry. Access control failures, such as private key compromises, remain a significant threat.
Strengthening protections and developing proactive measures are essential as the crypto space continues to grow and attract new users.
Disclaimer
In accordance with the Trust Project guidelines, BeInCrypto is committed to providing unbiased and transparent reporting. This news article aims to provide accurate and current information. Readers are, however, advised to independently verify the facts and seek professional advice before making any decision based on this content. Please note that our Terms and Conditions, Privacy Policy and Disclaimer have been updated.
