If you were hoping for a month without a major crypto heist, think again. January 2025 has already seen nearly $80 million vanish into the hands of hackers, with the bulk of the losses stemming from just one high-profile attack. Security researchers warn that cybercriminals are refining their tactics, and some familiar names may be behind the latest breaches.
Phemex Breach Takes Centre Stage
The biggest hit came on January 23, when Singapore-based crypto exchange Phemex suffered a major security breach. Initially, blockchain security firm Cyvers flagged suspicious activity involving the platform’s hot wallets, estimating losses at around $37 million. But things only got worse. Before the company could secure its systems, hackers drained a staggering $69.1 million—making it one of the worst exchange hacks in recent memory.
Phemex, which had built a reputation as a reliable trading platform, now faces the difficult task of compensating users and restoring trust. The attack highlights a long-standing issue: centralized exchanges remain prime targets for hackers, especially when funds are stored in hot wallets connected to the internet.
BNB Chain and Ethereum: The Most Targeted Networks
Hackers aren’t just after centralized platforms; blockchain networks themselves are frequently exploited. In January, BNB Chain emerged as the most attacked network, accounting for 50% of all recorded incidents. Ethereum followed, with 25% of hacks occurring on its chain.
While these networks have advanced security protocols, smart contract vulnerabilities continue to provide openings for attackers. Experts note that DeFi platforms, which rely heavily on complex contracts, are particularly at risk.
A Ninefold Increase from December, But a Yearly Decline
January saw 19 separate hacking incidents, with total losses soaring compared to the previous month. In December 2024, crypto theft was relatively low, making this month’s numbers a jarring reminder of the persistent security challenges.
Yet, there’s a silver lining. Compared to January 2024, when over $133 million was stolen, this year’s losses represent a 44.6% decline. Some experts view this as a sign that security measures are improving, even if major breaches still occur.
The DeFi Sector Also Takes a Hit
Centralized exchanges weren’t the only ones targeted. Moby Trade, a DeFi platform specializing in options trading, fell victim to an exploit that cost it $2.5 million. Several smaller attacks also contributed to the month’s total:
- Orange Finance
- IPC
- The Idols NFT
- UniLend Finance
- Odos
- Laura AI
- Pika Infinity
- Sorra
One notable trend? No cases of fraud were reported in January—a rare occurrence in the crypto space, where rug pulls and exit scams are typically rampant.
Is North Korea’s Lazarus Group Behind It?
While no single group has claimed responsibility for the biggest hacks, industry experts suspect the infamous Lazarus Group may be behind the Phemex attack. The North Korean-linked hackers have been responsible for several multi-million-dollar crypto thefts in recent years, often using stolen funds to support the country’s weapons programs.
Taylor Monahan, a principal security researcher for MetaMask, points out that on-chain behavior can reveal key details about these attacks. “Every theft or scam has its own particular fingerprint that hints at how experienced the attackers are and whether they’re working alone or as part of a larger group,” she explains.
Blockchain forensic firms are now examining how the stolen funds were moved to determine whether Lazarus was involved. If it was, Phemex wouldn’t be the first major exchange to fall victim to the group’s sophisticated cyberattacks.
The Crypto Industry’s Ongoing Security Battle
Despite some improvements, the crypto industry remains in a constant arms race with cybercriminals. Exchanges, DeFi platforms, and blockchain networks continue to strengthen their security protocols, but hackers always seem to find new loopholes.
For now, the question isn’t if another major hack will happen—it’s when.