Hackers and scammers drained at least $142 million from the crypto industry in July, according to data from blockchain security firm PeckShield. The month saw 17 separate incidents, with the $44 million breach of India-based exchange CoinDCX standing out as the largest single loss.
The figure marks a 27% jump from June’s total of $111 million, but remains well below the same time last year, when $266 million was stolen — most of it from a $230 million exploit at WazirX, another Indian exchange.
PeckShield noted that the second-largest incident in July involved decentralized exchange GMX, which lost $40 million on July 11. However, the attacker later returned the funds.
CoinDCX confirmed on July 18 it had been hit by what CEO Sumit Gupta called a “sophisticated server breach.” On Thursday, a CoinDCX employee was arrested in connection with the hack, though further details are still emerging.
Just two days before that breach, crypto exchange BigONE lost at least $27 million in a third-party attack that compromised its hot wallet system.
Rounding out the top three was WOO X, which was hit on July 24 through a phishing campaign that allowed attackers to access a team member’s device and move laterally into the exchange’s systems. At least $14 million was stolen before withdrawals were suspended.
“The attacker used social engineering to get into a team member’s computer, then exploited access to the dev environment,” said Rob Behnke, chair of blockchain security firm Halborn, which investigated the incident. “They were able to move funds across multiple chains, including Bitcoin, Ethereum, BNB, and Arbitrum.”
Impacted accounts on WOO X were later reimbursed through the company’s treasury.
Behnke added that more high-value crypto attacks are now hitting offchain infrastructure — backend systems and processes — rather than exploiting bugs in smart contracts. “Smart contract audits only go so far,” he said. “The backend is increasingly where the real damage happens.”
Earlier this week, an Arizona woman was sentenced to over eight years in federal prison after admitting to helping North Korean operatives pose as American workers and land remote jobs at U.S. cryptocurrency and tech firms.
Chapman’s role, prosecutors said, was central to a scheme that generated more than $17 million in revenue for North Korea. She helped operatives tied to the Democratic People’s Republic of Korea (DPRK) obtain IT jobs at more than 300 U.S. companies by using stolen identities and fake documents. At least 68 Americans’ identities were compromised in the process.
