In September 2025, major cryptocurrency hacking incidents caused losses of $127 million, a 22% decrease from August’s $163 million loss. Despite this drop, the year continues to present significant security challenges for the Web3 space.

Major Incidents Reported

According to the blockchain security firm PeckShield, there were approximately 20 significant exploits in September. The largest exploit involved UXLINK, which lost $44 million when attackers manipulated its multi-signature wallet on September 22. The culprits managed to drain $11.3 million and subsequently minted billions of new UXLINK tokens, causing the token’s value to plummet by over 70%. Excessive trading by exchanges like Upbit has been ineffective in recovering most of the stolen funds.

Additionally, SwissBorg, a Swiss wealth management platform, suffered around $41.5 million in losses due to an attack on a trusted third-party service used for staking Solana (SOL). The attacker hid malicious directives within a normal unstaking request, leading to control over nearly 193,000 SOL tokens.

A phishing scheme also targeted the Venus lending platform, resulting in a $13 million loss when a victim was tricked into a fraudulent Zoom meeting, allowing hackers to access their device and manipulate wallet codes.

Persistent Issues

Although there is a noted decline in crypto exploits, 2025 overall is expected to be one of the worst years for crypto security. In the first half alone, over $3.1 billion was stolen, outpacing the entire loss figure for 2024, which was $2.85 billion. Security experts are urging platforms to enhance their defense mechanisms, including stricter access controls and better user education to avoid falling into social engineering traps.

For further reading, see reports on UXLINK’s exploit and the overall landscape of crypto hacking.