In July, bad actors and scammers stole at least $142 million from the crypto space in 17 separate attacks, with the largest loss stemming from the exploit of crypto exchange CoinDCX.
According to blockchain security firm PeckShield, this total represents a 27% increase from June’s $111 million in losses, as stated in a post on X on Friday.
Despite the rise from June, the figure is still 46% lower compared to July 2024, when hackers took $266 million, including a massive $230 million breach at Indian crypto exchange WazirX that accounted for most of the losses that month.
PeckShield said the attacker who exploited the GMX decentralized exchange for $40 million in crypto on July 11, the second largest hack for the month, returned the stolen funds days later.
CoinDCX hack was the largest for July
Indian cryptocurrency exchange CoinDCX was hacked for $44 million on July 18 in what CEO Sumit Gupta described as “a sophisticated server breach.” A CoinDCX employee was arrested on Thursday in connection with the attack.
Just two days earlier, on July 16, crypto exchange BigONE experienced a third-party attack on its hot wallet infrastructure, leading to losses of at least $27 million.
Rounding out July’s top three was crypto trading platform WOO X, which suffered a phishing attack on July 24 that resulted in losses of at least $14 million.
Device of a WOO X team member was accessed
Rob Behnke, chairman of blockchain security firm Halborn, stated in a Tuesday report that the perpetrators of the WOO X hack used social engineering to target a team member and gain access to their devices.
“In this case, the attacker employed social engineering to compromise a team member’s computer. From there, they were able to move into the development environment and exploit the system’s trust to drain user accounts,” he explained.
“The attacker successfully performed multiple malicious transactions over the course of two hours before the suspicious activity was noticed and the platform disabled withdrawals.”
Funds were stolen across multiple chains, including Bitcoin, Ether, BNB, and Arbitrum. The affected accounts later had their balances restored using the company’s treasury.
Hackers are targeting off-chain systems
According to Behnke, there has been a recent trend of hackers targeting off-chain systems for high-value attacks.
“Rather than searching for exploitable smart contract vulnerabilities—which can be detected and fixed through security audits—attackers are focusing on weaknesses in backend infrastructure and processes,” he explained.
“As DeFi hackers grow more sophisticated and increasingly target back end systems and infrastructure, projects need to have strong security controls and processes in place to mitigate these threats.”
