Crypto Hack Losses Decrease by 37% in Q3 Amid Shift to Wallet Attacks
The decline in crypto hack losses was marked by a significant shift in tactics, with September recording the highest number of million-dollar hacking incidents.
Crypto hack losses have seen a substantial drop of 37% in the third quarter, totaling $509 million. This reduction contrasts sharply with the $803 million lost in the second quarter. Notably, September witnessed an unprecedented surge in million-dollar hacking incidents, primarily targeting exchanges and DeFi platforms.
According to CertiK, a blockchain security firm, the shift in hacker strategies has moved from exploiting code vulnerabilities toward compromising wallets.
Total amount lost and total amount of security incidents in 2025. Source: CertiK
Total amount lost and total amount of security incidents in 2025. Source: CertiK
September sets a new record for million-dollar incidents
September marked a significant leap in high-value hacks, with 16 incidents exceeding $1 million, the highest monthly total yet recorded. Year-to-date averages for 2025 now reflect nearly six such incidents per month, still trailing the averages from 2024 and 2023.
The analysis indicates that although there were no $100 million mega-hacks, perpetrators are increasingly engaging in mid-sized attacks.
Losses by project type in Q3 2025. Source: CertiK
Losses by project type in Q3 2025. Source: CertiK
Centralized exchanges experienced the greatest losses in the quarter, with $182 million stolen. As noted by a CertiK spokesperson, exchanges and DeFi projects remain attractive targets for attackers, often state-sponsored.
Hacken corroborated these findings, highlighting centralized exchanges (CEXs) as prime targets susceptible to sophisticated phishing and social engineering tactics.
Hacken CEO Yevheniia Broshevan remarked that cyber units in North Korea continue to pose the greatest threat to the ecosystem, accounting for about half of all funds stolen within the quarter. Broshevan advised centralized platforms and users to bolster their operational security efforts to mitigate risks from evolving attack strategies.
This quarter’s positive outcomes, with a 37% decrease in total losses and a 71% drop in code exploit incidents, may indicate that industry efforts to strengthen security measures are beginning to yield results.
