Phemex
Contents
Phemex - Rekt
When your hot wallets become sixteen points of failure, $73 million makes for an expensive lesson in access control.
Phemex exchange just learned this lesson the hard way, watching helplessly as an attacker drained their hot wallets across over a dozen different chains in a masterclass of multi-chain mayhem.
From Solana to Ethereum, Base to Avalanche, no chain was safe as the attacker systematically emptied wallets faster than Phemex could say "access control."
The largest centralized exchange hack of 2025 unfolded like a game of blockchain whack-a-mole - as soon as Phemex spotted suspicious activity on one chain, another wallet was already being drained.
Their cold wallets may have stayed safe in cold storage, but their hot wallets just got a $73 million lesson in thermodynamics.
When sixteen chains share the same security flaws, does multi-chain really mean multi-risk?
Credit: Peckshield, Cyvers, Federico Variola, Phemex, Crypto Ady, Hacken, The Block
Sixteen chains, one vulnerability, zero …
When your hot wallets become sixteen points of failure, $73 million makes for an expensive lesson in access control.
Phemex exchange just learned this lesson the hard way, watching helplessly as an attacker drained their hot wallets across over a dozen different chains in a masterclass of multi-chain mayhem.
From Solana to Ethereum, Base to Avalanche, no chain was safe as the attacker systematically emptied wallets faster than Phemex could say "access control."
The largest centralized exchange hack of 2025 unfolded like a game of blockchain whack-a-mole - as soon as Phemex spotted suspicious activity on one chain, another wallet was already being drained.
Their cold wallets may have stayed safe in cold storage, but their hot wallets just got a $73 million lesson in thermodynamics.
When sixteen chains share the same security flaws, does multi-chain really mean multi-risk?
Credit: Peckshield, Cyvers, Federico Variola, Phemex, Crypto Ady, Hacken, The Block
Sixteen chains, one vulnerability, zero …
IoC
5B34414e95a8b8D0B16a39BAf5b97CEc1d517E22
AE2F4172f3665c0AA332e871B32314D26D47f465
E9AA4a999ca1D9093054CF4f5dc221a06D433650
cfcefe62850aabe2c2ed2f22078ad092e1f79575f42b997dee5d161dfb21ea9c
Eba89b66C132E7fAd2a238BF416Fb9d45dcAd1FF
7288CA84AB40Be3435dd33D0ceaC57Fe75eccD1D
c590175E458b83680867AFD273527Ff58f74c02b
f493033B14cE39CBC6a283921eA50919C5D43Dfe
B66aF6Fe0478507f2cF74F43a2bc383fdcF8d09c
50be13b54f3eebbe415d20250598d81280e56772
6C42F03d730b7643939fA1D00416cB2985eD9cF3
140dEA3B704D724ddfF41597b35A10Ce0189661f
392d99Ec0348172C046cd64b85C21Df0927ab946
17BCC630B1409637D42dFb278f8E2ea9fc862631
d760CC6F2D41E43309912D54a0955dbC8A77890f
3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C
9B52594bFe50c51A75a8775ea03aD687E25E6A58
51fc8f63faf7b22d401623f9c3ae5183e564d701741770f12ad1851c6c45a0c8
4eff816c3fe9bd163d223546ef60020f0162ab4206339a0f14bdb60b639f0794
069987773b3DeE7AC4afFb9f06A4a90f9984AB10
AE2F4172f3665c0AA332e871B32314D26D47f465
E9AA4a999ca1D9093054CF4f5dc221a06D433650
cfcefe62850aabe2c2ed2f22078ad092e1f79575f42b997dee5d161dfb21ea9c
Eba89b66C132E7fAd2a238BF416Fb9d45dcAd1FF
7288CA84AB40Be3435dd33D0ceaC57Fe75eccD1D
c590175E458b83680867AFD273527Ff58f74c02b
f493033B14cE39CBC6a283921eA50919C5D43Dfe
B66aF6Fe0478507f2cF74F43a2bc383fdcF8d09c
50be13b54f3eebbe415d20250598d81280e56772
6C42F03d730b7643939fA1D00416cB2985eD9cF3
140dEA3B704D724ddfF41597b35A10Ce0189661f
392d99Ec0348172C046cd64b85C21Df0927ab946
17BCC630B1409637D42dFb278f8E2ea9fc862631
d760CC6F2D41E43309912D54a0955dbC8A77890f
3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C
9B52594bFe50c51A75a8775ea03aD687E25E6A58
51fc8f63faf7b22d401623f9c3ae5183e564d701741770f12ad1851c6c45a0c8
4eff816c3fe9bd163d223546ef60020f0162ab4206339a0f14bdb60b639f0794
069987773b3DeE7AC4afFb9f06A4a90f9984AB10