Crypto Hack Losses Plunge in Q3 2025, But September Records Surge in Million-Dollar Attacks
Crypto hack losses fell sharply in the third quarter of 2025, signaling progress in curbing large-scale exploits. Still, September offered a stark reminder of ongoing risks, logging a record number of million-dollar hacks. While attackers stole less overall, their tactics continued to evolve, with wallets and centralized platforms increasingly targeted over smart contracts.
In brief
- Q3 2025 saw $509M stolen in hacks, down 37% from Q2 and over 70% lower than Q1’s nearly $1.7B losses.
- Losses from smart contract exploits dropped to $78M, signaling stronger code defenses across DeFi projects.
- September logged 16 million-dollar hacks, the most ever in one month, raising concerns over attacker strategies.
- Centralized exchanges were hit hardest, losing $182M, with North Korean groups behind nearly half of Q3’s thefts.
Crypto Industry Sees Relief in Q3 Losses, Yet Faces September Surge
Losses from hacks and exploits decreased significantly in Q3, despite September setting a new high for million-dollar incidents. According to blockchain security firm CertiK, hackers stole $509 million during the quarter—a 37% decline from $803 million in Q2. Compared with Q1’s nearly $1.7 billion, losses have plunged by more than 70%.
A decrease in large-scale code exploits primarily drove the downturn. CertiK reported that losses from smart contract vulnerabilities sank from $272 million in Q2 to just $78 million in Q3. Phishing-related losses also decreased, although the number of phishing incidents remained stable.
Analysts suggest this shift shows hackers are moving away from direct contract exploits toward wallet compromises and operational breaches.
Despite the broader decline, September proved an outlier. The month saw 16 hacks worth over $1 million each—the highest ever for a single month— surpassing the previous record of 14 in March 2024 . This surge pushed the 2025 year-to-date average to nearly six million-dollar hacks per month.
While still below the eight-plus monthly average seen in 2023 and 2024, September’s spike raised fresh concerns about attackers’ tactics.
Notable incidents included the compromise of widely used NPM packages with over a billion downloads, which introduced malware targeting major cryptocurrency wallets. Another major hit came from the SwissBorg exchange, where hackers stole 193,000 SOL , valued at approximately $41 million.
Hackers Shift to Mid-Sized Exploits as Centralized Exchanges Suffer Most
Q3 also saw a shift in attack patterns adopted by malicious actors preying on decentralized assets. No “mega-hacks” of $100 million or more were reported, with criminals instead focusing on mid-sized crypto exploits .
Centralized exchanges were hardest hit, losing $182 million, followed by DeFi platforms with $86 million stolen. One of the largest cases was the $40 million GMX v1 exploit, though the hacker later returned funds after accepting a $5 million bounty.
A CertiK spokesperson stated that exchanges and DeFi projects remain prime targets, noting that state-sponsored groups, in particular, view them as attractive.
Blockchain security firm Hacken echoed that view, citing phishing and social engineering campaigns against centralized exchanges to access multisig and hot wallets. Hacken also warned of new threats on the Hyperliquid chain, including the HyperVault exploit and HyperDrive rug pull.
North Korean Hackers Dominate Q3 Crypto Threats Despite Overall Decline
Hacken CEO Yevheniia Broshevan stressed that North Korean hacking units remain the single biggest threat to the crypto ecosystem. She estimated that about half of all Q3 losses could be traced back to North Korean groups, which now deploy multi-layered approaches beyond traditional phishing .
Broshevan warned that both centralized crypto exchanges and emerging ecosystems like Hyperliquid must strengthen operational security.
This is a wake-up call. Centralized platforms and users exploring emerging chains like Hyperliquid must double down on operational security and due diligence, or they will remain the easiest entry points for attackers.
Yevheniia Broshevan
While September’s record-setting crypto hacks raised alarms, the broader decline in total losses—especially the steep drop in code-related exploits—gave some cause for optimism. CertiK suggested industry efforts to harden codebases may be paying off, even as attackers adapt. The ongoing challenge, analysts say, will be keeping pace with the evolving strategies of well-resourced hacking groups .
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Bitcoin News Update: Bitcoin Drops Under $100K Amid Diverging Analyst Opinions on Market Direction
- Bitcoin dropped below $100,000 on Nov. 7, driven by macroeconomic risks and $2B+ ETF outflows amid U.S.-China tensions and Fed inaction. - Analysts highlight $113,000 as critical resistance and $100,000 as key support, with breakdowns risking $88,000 liquidation levels. - Institutional views diverge: Ark Invest cut targets to $120,000 while JPMorgan raised fair value to $170,000 amid shifting adoption narratives. - Market eyes December's "Santa Rally" potential but recovery hinges on Bitcoin holding abov
Bitget Connects Speculation and Risk Control through STABLEUSDT Futures
- Bitget launched STABLEUSDT pre-market futures with 25x leverage, offering 24/7 trading since Nov 6, 2025. - The contract features 4-hour funding settlements and 0.00001 tick size to enable flexible positioning. - As the world's largest UEX, Bitget aims to boost market depth for emerging tokens through strategic liquidity initiatives. - Partnerships with LALIGA/MotoGP and a $2M loan program highlight its mission to democratize crypto access. - Risk warnings emphasize volatility concerns for leveraged prod
Token Unlock Releases and Large Holder Sell-Offs Drive Ethena's 80% Value Decline
- Ethena's ENA token dropped 80% to $0.31 amid massive unlocks and whale selling, with 45.4% of tokens released in November. - Robinhood listing and Binance's USDe buyback program offer limited support as 6.8B tokens circulate and 5.99B remain locked until 2026. - USDe's $8.9B TVL and multi-chain expansion highlight potential, but technical indicators signal a possible 37% further price decline. - Analysts warn ongoing unlocks, whale activity, and crypto market volatility could prolong ENA's bearish trend
Web3 Rewards Program Fuels Surge in TWT and 1INCH
- Trust Wallet's TWT and 1INCH tokens gain momentum as Trust Premium loyalty program boosts user engagement and on-chain activity surges. - TWT trading volume rises to $32.98M while 1INCH hits $110.86M weekly volume, supported by technical indicators and ecosystem integrations. - TWT stabilizes above $1 with key resistance at $1.2935, while 1INCH tests $0.2330 level amid bullish MACD and RSI signals. - Trust Premium's tiered rewards and 1inch integration create flywheel effects, linking user activity direc
Trending news
MoreCrypto prices
More
