PANews reported on January 24 that according to The Block, according to the analysis of several blockchain security experts, North Korean hackers may be behind the theft of more than $70 million from the crypto exchange Phemex. On Thursday, the Singapore-based exchange was hacked and subsequently announced a suspension of withdrawals because several blockchain security companies reported suspicious activities to it. At that time, about $30 million in funds had been stolen, but the attack seemed to be continuing and more tokens were stolen.

The attack appears to follow a similar threat pattern seen in attacks on other well-known crypto exchanges. Taylor Monahan, chief security researcher at MetaMask, said: "In this incident, a large number of different assets were siphoned off multiple chains at the same time. These tokens were then immediately exchanged for native assets of the chain, starting with freezable stablecoins and then proceeding one by one in order of value. As with many attacks, the attackers seemed to target large assets first and then began targeting less well-known tokens. All of this activity occurred simultaneously, but they were not scripted. Assets were manually sent to a new address for exchange, and once completed, they were passed to another new address. The assets then remained there until the real money laundering team took them away next week or next month."

Due to the large number of transactions and the wide range of blockchains targeted, Monahan said the attack was likely the work of "a recurring threat actor group."