Cyber Incident Victim: Wemix
Date:
Feb 2025
Location:
South Korea
Summary
Wemix Foundationdisclosed that hackers exploited the authentication keys of its NFT platform Nile to breach the Play Bridge Vault system, resulting in the loss of approximately 8.65 million tokens valued at around $6.22 million. The foundation reported the incident to police, launched a buyback plan worth 10 billion Korean won to protect investors, and stated it aims to fully restore services while improving its crisis response and investor communication.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 28,2025, hackers exploited the authentication keys associated with the NFT platform Nile to gain unauthorized access to the Play Bridge Vault system operated by the Wemix Foundation. The intrusion resulted in the transfer of approximately 8.65 million WEMIX tokens from the vault to addresses controlled by the attackers. Based on market prices at the time of the incident, the stolen tokens were valued at around $6.22 million. The Wemix Foundation, a subsidiary of the South Korean gaming company Wemade, confirmed the loss in a public statement released on March 17, 2025.
Kim Seok‑hwan, a representative of the Wemix Foundation, disclosed the details of the breach during an emergency internal meeting held after the incident was discovered. He explained that the decision to delay the public announcement was driven by concerns that revealing the hack too soon could provoke further attacks or trigger market panic. Kim emphasized that the delay was not intended to conceal the incident but rather to allow the foundation time to assess the scope of the compromise and coordinate with law enforcement. The foundation’s statement noted that the delay was undertaken with the goal of protecting investors and preventing additional harm.
In response to the hack, the Wemix Foundation filed a formal report with the relevant police authorities to initiate an investigation. To mitigate the financial impact on token holders, the foundation announced a buyback program worth 10 billion Korean won aimed at repurchasing WEMIX tokens from the market. The foundation also set a target date of March 21, 2025, for the full restoration of normal services across its platforms. As part of its longer‑term response, Wemix indicated that it would enhance its crisis response protocols, including improving communication channels with investors and strengthening the security of authentication keys. The foundation stated that these measures are intended to reduce the likelihood of similar incidents and to increase transparency in future security events.