The total funds lost due to crypto hacks and exploits decreased by nearly 37% in the third quarter, as attackers switched their focus from smart contract vulnerabilities to wallet compromises and operational breaches.
Data from blockchain security company CertiK, shared with Cointelegraph, indicated that initial losses fell from $803 million in Q2 to $509 million in Q3, marking a 37% reduction. When compared to Q1, where hackers took almost $1.7 billion, the losses in Q3 had dropped by over 70%.
CertiK reported a significant decline in losses from code vulnerabilities, plummeting from $272 million in Q2 to $78 million in Q3, while losses due to phishing also reduced despite consistent incident reports.
The reduction in losses occurred even with a record-setting September that documented the highest monthly count of incidents exceeding one million dollars ever recorded.
September sets a new record for million-dollar incidents
September emerged as the most active month for high-value hacks, witnessing 16 incidents surpassing $1 million, the highest monthly total ever. This surpassed the previous record of 14 incidents in March 2024.
This surge in September drove the year-to-date average for 2025 to almost six security incidents above $1 million per month, which remains below the average of over eight incidents during 2024 and 2023.
Analysts highlighted that although there were no mega-hacks exceeding $100 million in the quarter, attackers concentrated on mid-sized exploits.
Exchanges, DeFi, and new chains targeted
CertiK’s data showed that centralized exchanges suffered the most significant losses during the quarter, amounting to $182 million.
“Exchanges and DeFi projects remain attractive targets for attackers, especially for state-sponsored groups,” a CertiK spokesperson told Cointelegraph, adding that the intricate nature of decentralized finance (DeFi) continues to entice hackers.
Hacken, another blockchain security firm, echoed this analysis, identifying centralized exchanges (CEXs) as the primary targets in Q3.
“CEXs were the central focus, compromised through sophisticated phishing and social engineering methods to access multisig and hot wallets,” the Hacken team informed Cointelegraph.
DeFi projects ranked second, suffering $86 million in losses due to hacks in Q3. A major exploit involved the GMX v1 decentralized exchange (DEX), resulting in a $40 million loss; however, the hacker returned the funds after receiving a $5 million bounty.
“Users must exercise extreme caution when engaging with new ecosystems like Hyperliquid.”
Hacken cautioned users to be vigilant when interacting with new ecosystems, noting new incidents on the Hyperliquid chain, including the HyperVault exploit and the HyperDrive rug pull towards the quarter’s end.
Hacken CEO emphasizes importance of operational security
Hacken’s CEO Yevheniia Broshevan told Cointelegraph that Q3 highlighted that North Korea’s cyber units represented the biggest threat to the ecosystem. She reported that nearly half of the funds stolen during the quarter were attributable to North Korean hacking efforts.
Broshevan stated that hackers’ tactics are evolving, moving from phishing to multi-layered operational compromises. She urged both centralized platforms and users to enhance their vigilance.
“This serves as a wake-up call,” she stated. “Centralized platforms and users exploring new chains like Hyperliquid need to reinforce their operational security and due diligence, or they will remain easy entry points for attackers.”
Notwithstanding the increase in million-dollar incidents, the quarter’s 37% decrease in total losses and a corresponding 71% reduction in code exploit incidents provide a glimmer of hope. The findings suggest that industry-wide efforts to fortify codebases may be yielding positive outcomes.