In the third quarter, total funds lost to crypto hacks and exploits decreased by nearly 37%, as malicious actors shifted their tactics from smart contract attacks to wallet-focused compromises and operational breaches.
Data from blockchain security firm CertiK, shared with Cointelegraph, indicates that initial losses fell from $803 million in Q2 to $509 million in Q3, marking a 37% reduction. Compared to Q1, when hackers stole nearly $1.7 billion, Q3’s losses are down by over 70%.
CertiK reported a significant drop in losses from code vulnerabilities, from $272 million in Q2 to $78 million in Q3, while phishing-related losses also decreased, despite a consistent number of incidents.
These declines in losses occurred even though September set a record for the highest number of million-dollar-plus incidents ever documented.
September sets a new record for million-dollar incidents
September emerged as the most active month for high-value hacks, with 16 incidents surpassing $1 million, the highest monthly figure recorded to date. The previous record was 14 incidents in March 2024.
This uptick in September raised the 2025 year-to-date average to nearly six million-dollar-plus security incidents per month, although that is still below the averages of over eight incidents in 2024 and 2023.
Analysts observed that while there were no $100 million mega-hacks during the quarter, attackers concentrated on mid-sized exploits.
Exchanges, DeFi and new chains in the crosshairs
According to CertiK, centralized exchanges experienced the most losses this quarter, amounting to $182 million stolen.
“Exchanges and DeFi projects remain attractive targets for attackers, especially for state-sponsored groups,” a CertiK representative told Cointelegraph, noting that the complexities of decentralized finance (DeFi) continue to draw hackers.
Blockchain security firm Hacken provided a similar analysis, identifying centralized exchanges (CEXs) as the top targets in the third quarter.
“CEXs were primarily targeted, exploited through sophisticated phishing and social engineering tactics to access multisig and hot wallets,” the Hacken team informed Cointelegraph.
DeFi projects ranked second, with $86 million lost to hacks in Q3. One significant exploit was the GMX v1 decentralized exchange (DEX) hack, leading to a loss of $40 million; however, the hacker returned the funds after being offered a $5 million bounty.
“Users should exercise extreme caution when engaging with new ecosystems like Hyperliquid.”
Hacken cautioned users to remain vigilant when interacting with new ecosystems. The security company highlighted recent incidents on the Hyperliquid chain, including the HyperVault exploit and the HyperDrive rug pull towards the end of the quarter.
Hacken CEO emphasizes heightened operational security
Hacken CEO Yevheniia Broshevan told Cointelegraph that Q3 demonstrated that North Korea’s cyber units pose the greatest threat to the ecosystem, with about half of the funds stolen during the quarter attributed to their hacking operations.
She mentioned that the hackers’ strategies have shifted from phishing attacks to multi-layered operational compromises. Broshevan urged centralized platforms and users to maintain heightened vigilance.
“This is a wake-up call,” she stated. “Centralized platforms and users exploring emerging chains like Hyperliquid must enhance their operational security and due diligence to avoid becoming easy targets for attackers.”
Despite the increase in million-dollar incidents, the quarter’s 37% decline in total losses and a corresponding 71% drop in code exploit incidents provide some optimism. This data implies that industry-wide efforts to secure codebases may be yielding positive results.