Blockchain gaming platform WEMIX hacked to steal $6.1 million

Blockchain gaming platform WEMIX suffered a cyberattack last month, allowing threat actors to steal 8,654,860 WEMIX tokens, valued at approximately $6,100,000 at the time.

During a press conference held yesterday, WEMIX’s CEO Kim Seok-Hwan confirmed the incident occurred on February 28, 2025, explaining that the delay in issuing a public announcement wasn’t an attempt to cover it up, but rather a conscious choice to protect players from additional losses.

“As soon as we identified the hack on February 28, we immediately shut down the affected server and began a detailed analysis,” stated Kim Seok-Hwan.

“On the same day, we filed a criminal complaint with the Seoul Metropolitan Police Agency’s Cyber Investigation Unit, and the National Office of Investigation is currently conducting an investigation.”

“Since the exact infiltration method was not initially identified, an immediate public disclosure could have exposed us to further attacks.”

“Additionally, most of the stolen assets had already been sold, impacting the market. Given the difficulty in guaranteeing that there were no further risks, an immediate disclosure could have caused market panic.”

WEMIX is a blockchain-based gaming platform developed by Wemade, a South Korean game company. 

The WEMIX ecosystem includes its own cryptocurrency, WEMIX token, and integrates blockchain technology into gaming, offering play-to-earn (P2E) models, NFT-based ownership, and decentralized finance (DeFi) features.

Wemade is best known for its hit title, “The Legend of Mir,” but since the release of WEMIX, it has focused on blockchain-integrated titles that draw inspiration from the old game.

The most successful of those is MIR4, which has over five million downloads on Google Play alone.

Other blockchain-based games by Wemade include Night Crows (1 million downloads), Rise of Stars, Crypto Ball Z, and MIR M (discontinued).

In the network for two months

According to yesterday’s press conference, hackers infiltrated WEMIX after they stole authentication keys used for monitoring services of the NFT platform ‘NILE.’

Although Wemade isn’t sure how the attackers acquired the keys, they hypothesized it was by breaching a shared repository where a developer had uploaded them for convenience.

The hackers then spent two months planning their attack before they eventually attempted to perform fifteen withdrawals, thirteen of which were successful.

The stolen WEMIX tokens were quickly laundered through cryptocurrency exchanges.

WEMIX is currently offline as all blockchain-related infrastructure is migrated to a new, more secure environment. The firm’s goal is to restore the service fully on March 21, 2025.

It’s also worth noting that the Digital Asset Exchange Alliance (DAXA) designated WEMIX as an “investment caution” asset and suspended deposits, a decision WEMIX plans to appeal.

Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.

Read the Red Report 2025