This article is reprinted with permission from SlowMist Technology, and the copyright belongs to the original author.
In July 2025, the total loss from Web3 security incidents was approximately $147 million. According to the SlowMist blockchain hacking archive (https://hacked.slowmist.io), there were a total of 13 hacking incidents, resulting in losses of about $140 million, with $42.48 million being frozen or returned. The causes of these incidents included contract vulnerabilities, supply chain attacks, and account hacks. Additionally, according to the Web3 anti-fraud platform Scam Sniffer, there were 9,143 victims of phishing incidents this month, with losses amounting to $7.09 million.
(https://dune.com/scam-sniffer/july-2025-scam-sniffer-scam-report)
On July 19, 2025, on-chain detective ZachXBT posted on his personal channel stating, "It seems that the centralized exchange platform CoinDCX in India may have been hacked about 17 hours ago, with losses of approximately $44.2 million, but as of now, the incident has not been disclosed to the community."
Shortly after, the company's co-founder Sumit Gupta responded on X. In his response, Sumit disclosed that the attacked wallet was an internal operational account used solely for providing liquidity, and customer funds were unaffected as they were stored in secure cold wallets. Trading and withdrawals would return to normal, and all losses incurred from the attack would be covered by CoinDCX's reserves.
(https://x.com/smtgpt/status/1946597988660645900)
On July 31, according to FinanceFeeds, a software engineer at CoinDCX was arrested for assisting in the attack. The attacker installed malware on the software engineer's computer under the pretext of a part-time job and paid a high part-time salary. The malware was a sophisticated keylogger, which the attacker used to obtain login credentials and access CoinDCX's internal systems, ultimately leading to the incident.
On July 9, 2025, the SlowMist MistEye security monitoring system detected that the decentralized exchange platform GMX was attacked, resulting in asset losses exceeding $42 million. According to analysis by the SlowMist security team, the core of this attack was that the attacker exploited two features: the Keeper system enabling leverage when executing orders and the global average price being updated when shorting but not when creating a short position. Through a re-entrancy attack, the attacker created large short positions and manipulated the values of the global short average price and global short position size, thereby directly amplifying the GLP price to redeem profits. For a detailed analysis, see "GMX Hacking Analysis: $42 Million Instantly Vaporized".
(https://x.com/SlowMist_Team/status/1942949653231841352)
On July 11, GMX released a statement on X, indicating that the security incident stemmed from a vulnerability in the GMX V1 codebase, which has been disclosed and notified to the GMX V1 branch. To thank the white-hat hacker for their efforts, GMX has paid them a $5 million bounty, and the $42 million involved in the attack has been secured.
(https://x.com/GMX_IO/status/1943654914749534380)
On July 16, 2025, the SlowMist security team detected that the cryptocurrency exchange platform BigONE had suffered a supply chain attack, resulting in losses exceeding $27 million. The attacker infiltrated its production network and modified the operational logic of servers related to accounts and risk control, enabling fund transfers. On July 24, BigONE posted an update on the incident on X, stating that no private keys were leaked in this incident and that all losses would be borne by the platform.
(https://x.com/SlowMist_Team/status/1945346830222680330)
On July 24, 2025, the cryptocurrency exchange platform WOO X suspended withdrawals due to a security vulnerability, with 9 user accounts experiencing approximately $14 million in unauthorized withdrawals. According to official disclosures, the vulnerability originated from a targeted phishing attack on a team member, through which the attacker gained limited access to the trading platform's development environment, bypassed some security measures, and coordinated unauthorized withdrawal operations on these 9 accounts.
(https://support.woox.io/hc/en-us/articles/49178783818777-Temporary-withdrawal-suspension-July-24-2025)
On July 9, the Ethereum Layer 1 cross-chain bridge of ZKSwap encountered an attack, where the attacker exploited its emergency withdrawal mechanism, resulting in a loss of approximately $5 million. Analysis indicated that the mechanism responsible for verifying zero-knowledge proofs did not actually perform verification. This serious oversight allowed the attacker to arbitrarily forge withdrawal proofs, thereby bypassing the core security guarantees of the cross-chain bridge.
(https://x.com/R4ZN1V/status/1948448167734673838)
In the blockchain security incidents of July, contract vulnerabilities remained the primary attack method, with targets concentrated on centralized exchanges and decentralized finance platforms. Among them, the total losses from security incidents related to centralized exchanges reached as high as $85.2 million, accounting for 60.8% of the losses from hacking incidents this month. The SlowMist security team reminds developers that when integrating complex functions such as leverage mechanisms and oracles in DeFi protocols, they should pay special attention to global state consistency and complete verification of boundary conditions to avoid systemic risks caused by interaction logic deviations; centralized exchanges should further enhance audit standards and system transparency to strengthen the overall security defense.
In addition to on-chain attacks, security risks in everyday usage scenarios should not be overlooked:
This month, there were again incidents of assets being stolen due to purchasing hardware wallets through unofficial channels, with victims losing 4.35 BTC. The SlowMist security team previously explained this method in "Web3 Security Beginner's Guide | Common Traps of Hardware Wallets".
Recently, there have also been frequent phishing incidents involving fake Zoom meetings: users click on malicious links to enter a counterfeit meeting room, where the visuals appear normal but there is no sound. Under the guidance of the attacker's "technical support," they download so-called repair tools, ultimately resulting in asset losses. Currently, the Web3 phishing simulation platform Unphishable (https://unphishable.io/) has launched a "Fake Zoom Online Meeting Phishing Simulation" level, allowing users to enhance their security awareness and protective capabilities through gameplay.
Original text: “SlowMist Security Report: July Web3 Security Incidents Result in Approximately $147 Million Losses”