Last month, WEMIX, a leading blockchain gaming platform, became the target of a significant cyberattack, with hackers siphoning off 8,654,860 WEMIX tokens—valued at approximately $6.1 million at the time of the breach. The incident, which unfolded on February 28, 2025, was publicly addressed by WEMIX CEO Kim Seok-Hwan during a press conference in Seoul on March 25.
Kim emphasized that the company’s decision to delay a public statement was not an attempt to conceal the breach but a calculated move to shield its user base from further harm. “Upon detecting the intrusion, we immediately shut down the affected server and launched a thorough investigation,” he said. “However, without a clear understanding of how the attackers gained access, an early announcement could have left us vulnerable to additional strikes.”
He went on to explain that WEMIX promptly reported the incident to the Seoul Metropolitan Police Agency’s Cyber Investigation Unit on the day of the attack. The matter has since been escalated to the National Office of Investigation, which is actively pursuing leads. Kim noted that the stolen tokens had already been liquidated on the open market, amplifying concerns about market stability. “Given the uncertainty over lingering risks, we believed an immediate disclosure might trigger unnecessary panic,” he added.
WEMIX, a creation of South Korean gaming firm Wemade, is a blockchain-powered ecosystem that integrates cryptocurrency—via its native WEMIX token—with innovative gaming features. Known for pioneering play-to-earn mechanics, NFT ownership, and decentralized finance tools, the platform builds on Wemade’s legacy, which includes the iconic The Legend of Mir. Today, its standout title, MIR4, boasts over five million downloads on Google Play, while other offerings like Night Crows (one million downloads), Rise of Stars, and Crypto Ball Z have also gained traction. (MIR M, however, has been discontinued.)
Details from the press conference shed light on the attackers’ methods. The breach began two months prior, when hackers obtained authentication keys linked to NILE, WEMIX’s NFT platform. Wemade suspects the keys were compromised after being stored in a shared repository for developer convenience—a vulnerability the intruders exploited. After weeks of preparation, the hackers executed 15 withdrawal attempts, succeeding in 13, and swiftly laundered the proceeds through cryptocurrency exchanges.
In response, WEMIX has taken its systems offline, focusing on a comprehensive overhaul to bolster security. The company aims to resume full operations by March 21, 2025. Adding to the challenges, the Digital Asset Exchange Alliance (DAXA) has classified WEMIX as an “investment caution” asset and suspended deposits—a decision Wemade plans to contest.
This high-profile breach highlights the evolving risks within the blockchain gaming sector, raising questions about security and resilience as the industry continues to grow.
