Wallet compromises and exchange breaches emerge as top threats for crypto security
Losses from crypto hacks and exploits fell 37% in Q3 2025, totaling $509 million, according to data from blockchain security firms. The decline marks a significant improvement from the $803 million reported in Q2, and a more than 70% drop compared to Q1’s $1.7 billion in losses.
Security firm CertiK reported that losses from code vulnerabilities dropped sharply to $78 million in Q3, down from $272 million in Q2. Phishing-related losses also fell, despite the number of incidents remaining relatively steady.
However, attackers are shifting their tactics. Instead of massive protocol-level exploits, hackers are increasingly targeting wallets and operational weaknesses, with centralized exchanges and DeFi platforms in the crosshairs.
A CertiK spokesperson explained: “Exchanges and DeFi projects remain lucrative targets for attackers, particularly for state-sponsored groups.”
September sets record for million-dollar incidents
While overall quarterly losses declined, September was one of the most active months on record. The industry recorded 16 hacks exceeding $1 million, surpassing the previous record of 14 incidents in March 2024.
This surge brought the 2025 average to nearly six large-scale incidents per month — lower than the eight-per-month averages in both 2023 and 2024, but still highlighting sustained risks.
Exchanges and DeFi remain top targets
Centralized exchanges accounted for $182 million in losses, making them the hardest-hit sector. Hacken, another blockchain security firm, confirmed that CEXs were primarily compromised through phishing and social engineering tactics to gain access to multisig and hot wallets.
DeFi projects came second with $86 million in losses, including the $40 million GMX v1 exploit. In that case, the attacker returned the funds after accepting a $5 million bounty.
Hacken also warned users about risks in emerging ecosystems like Hyperliquid, citing incidents such as the HyperVault exploit and HyperDrive rug pull.
State-backed threats remain dominant
Hacken CEO Yevheniia Broshevan emphasized that North Korean cyber units were behind roughly half of the stolen funds in Q3, making them the most significant ongoing threat.
“This is a wake-up call. Centralized platforms and users exploring new chains must double down on operational security and due diligence, or they will remain easy entry points for attackers,” Broshevan said.
Despite September’s record-breaking hacks, the overall decline in losses — particularly the 71% reduction in code exploit incidents — suggests that industry-wide efforts to improve security frameworks may be working.
The shift toward wallet-based and operational compromises signals that while codebases are becoming more resilient, crypto security will increasingly depend on human vigilance and platform-level safeguards.

