Prominent platforms affected include BtcTurk ($54 million), Odin.fun ($7 million), BetterBank.io ($5 million), and CrediX Finance ($4.5 million), with weak audits, human error, and fast platform launches identified as major security drivers.
The crypto industry faced substantial security challenges in August, with hackers exploiting vulnerabilities to steal a total of $163 million across 16 incidents, according to blockchain security firm PeckShield. This is up from July’s $142 million, showing that attacks are becoming both more frequent and technically sophisticated.
The largest individual loss involved $91.4 million from multiple anonymous Bitcoin addresses, highlighting that both institutional and individual investors remain exposed to cyber risks. These events emphasize the importance of stronger infrastructure, improved protocols, and investor awareness in a rapidly expanding market. Security experts also note that evolving attack techniques, including cross-chain exploits and sophisticated phishing, are increasingly targeting users who may underestimate the risks of new protocols.
One of the most significant attacks targeted BtcTurk, Turkey’s leading cryptocurrency exchange, which lost $54 million. The platform had already suffered a similar $54 million theft in June 2024, pushing its total annual losses above $100 million. BtcTurk confirmed that affected wallets were frozen and authorities were investigating. The repeated breach illustrates that even established centralised exchanges are vulnerable to persistent attacks, challenging the effectiveness of current security measures. Analysts also point out that regulatory gaps in emerging markets can exacerbate these vulnerabilities, creating an uneven playing field for investors and operators alike, especially when rapid adoption outpaces safeguards.
While BtcTurk drew the most attention, smaller platforms also suffered losses. Odin.fun lost $7 million, BetterBank.io $5 million, and CrediX Finance $4.5 million. According to PeckShield, insufficient audits, rushed launches, and human error contribute heavily to these breaches. Weak passwords, lack of two-factor authentication, and phishing remain common entry points.
