Total funds lost to crypto hacks and exploits fell by almost 37% in the third quarter, as malicious actors shifted their approach from smart contract attacks to wallet-focused compromises and operational breaches.
According to data from blockchain security firm CertiK shared with Cointelegraph, the initial losses dropped from $803 million in Q2 to $509 million in Q3, a 37% decline. Compared to Q1, when hackers stole almost $1.7 billion, Q3’s losses declined by over 70%.
CertiK said losses from code vulnerabilities fell sharply, from $272 million in Q2 to $78 million in Q3, while phishing-related losses also declined despite a similar number of incidents.
The decline in losses to hackers came despite a record September, which saw the highest monthly number of million-dollar-plus incidents ever recorded.
Total amount lost and total amount of security incidents in 2025. Source: CertiKSeptember sets a new record for million-dollar incidents
September stood out as the most active month for high-value hacks, with 16 incidents exceeding $1 million, the highest monthly figure on record. By comparison, the previous monthly record was 14 incidents in March 2024.
September’s surge pulled the year-to-date average for 2025 to nearly six million-dollar security incidents per month, which is still below the averages of over eight incidents in 2024 and 2023.
Analysts noted that while there were no $100 million mega-hacks in the quarter, attackers were focusing on mid-sized exploits.
Security incidents with over $1 million in losses in 2025. Source: CertiKExchanges, DeFi and new chains in the crosshairs
CertiK’s data showed that centralized exchanges had the most losses during the quarter, with $182 million stolen.
“Exchanges, as well as DeFi projects, continue to be lucrative targets for attackers, particularly for state-sponsored groups,” a CertiK spokesperson told Cointelegraph, adding that decentralized finance’s (DeFi) complex nature still appeals to hackers.
Blockchain security firm Hacken shared a similar analysis, flagging centralized exchanges (CEXs) as the top targets in the third quarter.
“CEXs were the primary targets, compromised through sophisticated phishing and social engineering to access multisig and hot wallets,” the Hacken team told Cointelegraph.
Losses by project type in Q3 2025. Source: CertiKDeFi projects came second, with $86 million lost to hacks in Q3. One of the largest exploits was the GMX v1 decentralized exchange (DEX) hack, resulting in a loss of $40 million. However, the hacker returned the funds after receiving a $5 million bounty.
Hacken warned users to be careful when engaging with new ecosystems. The security company said new incidents emerged on the Hyperliquid chain, including the HyperVault exploit and the HyperDrive rug pull toward the end of the quarter.
Related: UK weighs if China fraud scheme victims get current value of seized 61K Bitcoin
Hacken CEO says double down on operational security
Hacken CEO Yevheniia Broshevan told Cointelegraph that Q3 showed that North Korea’s cyber units remained the single biggest threat to the ecosystem. Broshevan said about half of the funds stolen during the quarter were lost to North Korean hacking operations.
She added that the hackers’ tactics were evolving from phishing attacks to multi-layered operational compromises. Broshevan urged centralized platforms and users to be extra vigilant.
“This is a wake-up call,” she said. “Centralized platforms and users exploring emerging chains like Hyperliquid must double down on operational security and due diligence, or they will continue to be the easiest entry points for attackers.”
Despite the rise in million-dollar incidents, the quarter’s 37% decline in total losses and a corresponding 71% drop in code exploit incidents offered some optimism. The data suggests that industry-wide efforts to harden codebases may be paying off.
Magazine: How do the world’s major religions view Bitcoin and cryptocurrency?
Source: https://cointelegraph.com/news/q3-2025-crypto-hacks-losses-drop-37-percent?utm_source=rss_feed&utm_medium=feed&utm_campaign=rss_partner_inbound
