Total losses from crypto hacks and exploits witnessed a substantial drop of 37% in the third quarter of 2025, as attackers shifted their tactics away from smart contract vulnerabilities toward wallet breaches and operational compromises.
According to information released by blockchain security firm CertiK, the amount lost to malicious activities decreased from $803 million in Q2 to $509 million in Q3, reflecting a significant reduction in security breaches. This marks a staggering decline of over 70% when compared to Q1, where hackers siphoned approximately $1.7 billion.
CertiK’s analysis indicated a remarkable decrease in losses attributed to code vulnerabilities, dropping from $272 million in Q2 to just $78 million in Q3. Additionally, even with a similar number of incidents, phishing-related thefts also saw a downturn.
Notably, September 2025 became a record-breaking month for high-value hacks. It recorded 16 incidents where losses exceeded $1 million, achieving the highest total ever documented in a single month, surpassing the previous record of 14 incidents set in March 2024. Despite this surge in high-value hacks, the year-to-date average across 2025 stands at nearly six million-dollar incidents per month, still trailing behind averages of over eight incidents in the years prior.
Interestingly, while there were no mega-hacks exceeding $100 million during this quarter, attacks primarily targeted mid-sized enterprises.
The data highlights that centralized exchanges (CEXs) experienced the most significant losses, totaling $182 million in Q3 alone. A spokesperson from CertiK elaborated that centralized exchanges and decentralized finance (DeFi) projects continue to attract considerable attention from attackers, especially from state-sponsored groups. The complex nature of DeFi remains a point of vulnerability.
Compounding this issue, security firm Hacken corroborated CertiK’s findings, identifying CEXs as the primary targets in Q3, often compromised through sophisticated phishing schemes and social engineering tactics designed to access multisig and hot wallets.
DeFi projects followed, with losses amounting to $86 million attributed to hacks during this quarter. One of the most notable incidents involved the hack of the GMX v1 decentralized exchange (DEX), which led to a loss of $40 million. Remarkably, the hacker returned the stolen funds after being offered a $5 million bounty.
Users have been advised to exercise increased caution when navigating new ecosystems, with Hacken highlighting recent security incidents surrounding the Hyperliquid chain, including the HyperVault exploit and the HyperDrive rug pull.
In a statement, Hacken’s CEO, Yevheniia Broshevan, emphasized that Q3 2025 revealed that North Korean cyber units remained a prevalent threat, with approximately half of the total funds stolen during the quarter attributed to their hacking operations. She pointed out that the tactics employed by these hackers are evolving, shifting from basic phishing schemes to more intricate operational compromises.
Broshevan urged centralized platforms and individual users to enhance their operational security practices. “This is a wake-up call,” she said. “Centralized platforms and users exploring emerging chains must significantly improve on operational security and due diligence to fend off attackers.”
Despite the drastic drop in overall losses and a notable decrease in code exploits, the sharp decline indicates that the crypto community’s efforts to strengthen security measures are beginning to show promise.
