Phemex shares its lessons learned from its unprecedented incursion.

Even though leaders are susceptible to the risks of running a business online. Phemex, a hybrid exchange that features best-of-breed processes of both centralized and

Hybrid crypto exchange Phemex has shared some of the key lessons learned from its recent, unprecedented incursion by a serious threat actor.

The attack, which occurred at the end of January, saw the hacker, who has a history of crypto hacks and is considered to be extremely sophisticated, gain access to a small portion of Phemex’s hot wallet. The nature of the cyber-attack was complex and difficult to prevent.

These perpetrators have not been publicly identified by law enforcement, likely reside in a state that supports this kind of action and are probably insulated from any prosecution or other legal action.

However, despite the technical difficulties posed by the attack and the fact that it was targeted at one of the world’s largest hybrid exchanges, Phemex managed to contain the damage quickly and recover core functionality to users within 24 hours – possibly one of the fastest recoveries from a hack by any established crypto exchange. Following that, Phemex implemented a strict, manual review of deposit and withdrawal transactions to reinforce security and ensure no malicious transactions were being made in the immediate aftermath.

"We want to use this piece to address the incident, talk about how we handled it, and explain what we’ve done to prevent such incidents in the future," says Phemex CEO Federico Variola.

He stressed that, while the attack came from a highly sophisticated threat actor, the vast majority of user funds were never at risk and the exchange covered all users’ losses.

"We also resumed core operations as quickly as possible and immediately revamped our hot wallet security infrastructure to greatly minimize these security risks in the future."

[uuid]

The hybrid exchange's technical team has designed and implemented a new, more robust hot-wallet security infrastructure.

"A major lesson we’ve learned and reflected on is that Phemex has grown very fast during the latest bull market and some of our operating procedures lagged behind our growth," Variola says. "This cyber-attack showed that the kind of security measures that may have been serviceable for our previous size are no longer acceptable for our current scale."

Phemex's new structure is designed with a zero-trust architecture in mind and leverages cutting-edge Enclave technology. This includes AWS Nitro to achieve robust, chip-level security for hot wallets.

While that solves the immediate problem, it wouldn't put Phemex ahead of the hackers. So the team made moves to protect all wallets which any of its users might hold.

"We plan to employ a tiered-wallet system with cold wallets," Variola says. "It would also apply to hot wallets – which will hold a much smaller proportion of our funds moving forward."

The tiered system also applies to warm wallets, which combine hot wallets' internet connection, speed and efficiency with cold wallets' enhanced security and manual control.

Phemex is also increasing the workforce dedicated to infrastructure security, with different teams overseeing separate elements and fewer individuals having access to the entire system. From end to end, every task will be reviewed by industry-leading third parties.

That could slow down the pace of Phemex's service delivery by a step, but Variola's team is convinced it must be done.

"The operations of our exchange will be more complex using the new system, but this cannot be avoided because security is of highest priority," Variola says. "We are extremely confident in the new system and we’re applying for third-party certifications on these security standards."