The amount of stolen funds in the crypto industry in the third quarter of 2025 decreased by almost 37% and amounted to $509 million against $803 million in the second quarter. However, September was a record number of hacker attacks with damages of over $1 million.
Change of tactics: from smart contracts to wallets
According to Certik, attackers change approaches: if earlier the main vector of attacks were vulnerabilities in smart contracts, now the focus has shifted to wallets and operational failures.
In the first quarter, hackers stole almost $1.7 billion, in the second, $803 million, and in the third, the figure fell to $509 million. Thus, the losses decreased by more than 70% since the beginning of the year.
The losses from breaking the code were most noticeable: from $272 million in the second quarter to $78 million in the third. Fishing losses also fell, although the number of attacks remained at the same level.
Record September
September stood out for the special activity of hackers: 16 incidents with damage of over $1 million were recorded. This is a new record that exceeded the previous figure in March 2024 (14 attacks).
Despite this, on average in 2025, the number of such cases remains lower than in 2023 and 2024. At the same time, experts note that there were no “mega-hacking” worth hundreds of millions of dollars in this quarter – hackers prefer medium-sized attacks.
Exchanges and DeFi – the main goals
Centralized exchanges suffered the highest losses – $182 million per quarter. According to experts, CEX and DEFI projects remain attractive to intruders, including for hacker groups associated with states.
The DeFi sector lost about $86 million. One of the notable episodes was the $40 million GMX V1 decentralized exchange.
The new Hyperliquid ecosystem deserves special attention, where cases like HyperVault-exploit and HyperDrive Rug Pull were recorded in the third quarter.
North Korean trail and new threats
Hacken estimates that almost half of all stolen funds are related to the activities of North Korean cybercriminals.
Hacken CEO Evgenia Broshevan noted that attackers are moving away from simple phishing and using more complex multi-level attacks. She stressed that centralized platforms and users should pay more attention to operational security.
“This is an alarm. Those who work with centralized platforms or new networks like Hyperliquid should double their attention to security and carefully check counterparties,” she said.
Results
Despite a record increase in the number of millions of attacks in September, the overall loss reduction and a significant reduction in the number of code hacks provide grounds for cautious optimism. The industry’s efforts to improve security are gradually beginning to bring results, although the risks still remain high.
Cryptol – your source for the latest news on cryptocurrencies, information technology, and decentralized solutions. Stay informed about the latest trends in the digital world.