Crypto Hack Losses Drop 37% in Q3 2025 as Code Exploits Fall
Total funds lost to crypto hacks and exploits fell by nearly 37% in the third quarter of the year, even as malicious actors shifted their approach from smart contract attacks to wallet-focused compromises and operational breaches.
According to data from blockchain security firm CertiK shared with Cointelegraph, the initial losses dropped from around $803 million in Q2 to $509 million in Q3, a 36.6% decline. Compared to Q1, when hackers stole nearly $1.7 billion, Q3’s losses declined by over 70%.
CertiK said losses from code vulnerabilities fell sharply, from $272 million in Q2 to $78 million in Q3, while phishing-related losses also declined despite a similar number of incidents.
The decline in losses to hackers came despite a record September, which saw the highest monthly number of million-dollar-plus incidents ever recorded.

September sets a new record for million-dollar incidents
September stood out as the most active month for high-value hacks, with 16 incidents exceeding $1 million — the highest monthly figure on record. By comparison, the previous monthly record was 14 incidents in March 2024.
September’s surge pulled the year-to-date average for 2025 to nearly six million-dollar security incidents per month, which is still below the averages of over eight incidents in both 2024 and 2023.
Analysts noted that while there were no $100 million mega-hacks this quarter, attackers are focusing on mid-sized exploits.

Exchanges, DeFi and new chains in the crosshairs
CertiK’s data showed that centralized exchanges had the most losses during the quarter, with $182 million stolen.
“Exchanges, as well as DeFi projects, continue to be lucrative targets for attackers, particularly for state-sponsored groups,” a CertiK spokesperson told Cointelegraph, adding that decentralized finance’s (DeFi) complex nature still appeals to hackers.
Blockchain security firm Hacken shared a similar analysis, flagging centralized exchanges (CEXs) as the top targets in the third quarter.
“CEXs were the primary targets, compromised through sophisticated phishing and social engineering to access multisig and hot wallets,” the Hacken team told Cointelegraph.

DeFi projects came second, with $86 million lost to hacks in Q3. One of the largest exploits was the GMX v1 decentralized exchange (DEX) hack, resulting in a loss of $40 million. However, the hacker returned the funds after receiving a $5 million bounty.
“Users should exercise extreme caution when engaging with new ecosystems like Hyperliquid.”
Hacken warned users to be careful when engaging with new ecosystems. The security company said new incidents emerged on the Hyperliquid chain, including the HyperVault exploit and the HyperDrive rug pull toward the end of the quarter.
Hacken CEO says double down on operational security
Hacken CEO Yevheniia Broshevan told Cointelegraph that Q3 showed that North Korea’s cyber units remain the single biggest threat to the ecosystem. Broshevan said roughly half of the stolen funds during the quarter were lost due to North Korean hacking operations.
She added that the hackers’ tactics are also evolving from phishing attacks to multi-layered operational compromises. Broshevan urged centralized platforms and users to be extra vigilant.
“This is a wake-up call,” she said. “Centralized platforms and users exploring emerging chains like Hyperliquid must double down on operational security and due diligence, or they will continue to be the easiest entry points for attackers.”
Despite the rise in million-dollar incidents, the quarter’s 37% decline in total losses and a corresponding 71% drop in code exploit incidents offer some optimism. The data suggests that industry-wide efforts to harden codebases may be paying off.