The third quarter of 2025 was a good time for the crypto business, as losses from hacks and exploits fell by almost 37% to $509 million. This number represents a significant decline from the $803 million reported in Q2 and a substantial 70% decrease from the first quarter, when bad actors stole approximately $1.7 billion.
Over the past several quarters, most attacks have focused on smart contract vulnerabilities. However, in Q3, attackers shifted their focus to stealing wallets and carrying out complex operational breaches. The amount of money lost because of code flaws dropped substantially, from $272 million in Q2 to just $78 million in Q3. Interestingly, losses from phishing also decreased over this period, despite hackers conducting a similar number of attacks.
Even if the quarterly figures were good, September stood out as a clear exception. It set a new monthly record for high-value hacking, with 16 different instances each costing more than $1 million in losses.
This is the most significant loss ever recorded in a single month. In March 2024, there were 14 million-dollar hacks, which is the most ever. Still, the average number of large-scale occurrences per month so far in 2025 is down to about six, from more than eight in both 2023 and 2024.
This quarter, centralized exchanges (CEXs) were the most hacked, losing a total of $182 million. Attackers employed advanced phishing and social engineering techniques to compromise multisig and hot wallets.
Decentralized finance (DeFi) initiatives came in second, losing $86 million. The GMX v1 DEX event, in which $40 million was stolen and then returned for a $5 million prize, was a prominent example of this. New blockchain ecosystems, such as Hyperliquid, have also been targeted by novel types of attacks, including the well-known HyperVault hack and the HyperDrive rug pull.
Security experts say that North Korea’s cyber forces remain the biggest threat in the field, accounting for around half of the losses in the third quarter. Hackers are employing increasingly sophisticated methods to break into systems, moving beyond simple phishing schemes.
Because of this, industry experts are advising centralised platforms and users, especially those exploring new blockchain ecosystems, to enhance their operational security and due diligence, or risk becoming easy targets.
Even if there were more million-dollar attacks in the last three months, the overall drop in losses and the 71% decrease in code-level exploits indicate that efforts to make protocol codebases more secure are yielding results. The evolving nature of attacks underscores the importance of remaining vigilant, especially as hackers adopt new methods. This makes operational security a top concern for the rest of 2025.
