This article is reprinted with permission from Slow Mist Technology, author: Slow Mist Security Team, copyright belongs to the original author.
In August 2025, the total loss from Web3 security incidents was approximately $82.89 million. Among them, according to the Slow Mist Blockchain Hacking Archive, there were 9 hacking incidents that resulted in losses of about $70.73 million, with $6.3 million frozen or returned. The causes of these incidents included contract vulnerabilities, exit scams, and account hacks. Additionally, according to the Web3 anti-fraud platform Scam Sniffer, there were 15,230 victims of phishing incidents this month, with losses amounting to $12.16 million.
BtcTurk
On August 14, 2025, the Turkish cryptocurrency exchange BtcTurk was reportedly attacked again, resulting in losses of about $54 million. Previously, on June 22, 2024, BtcTurk was attacked, suffering losses of approximately $90 million.
Regarding this incident, BtcTurk acknowledged that there was "abnormal activity" in its hot wallet and has suspended deposits and withdrawals. However, it did not disclose further details about the scale of the attack.
ODIN.FUN
On August 12, 2025, the meme coin issuance platform ODIN.FUN, based on Bitcoin, was attacked, resulting in losses of about 58.2 BTC (approximately $7 million). The attacker allegedly manipulated the prices of multiple tokens and then withdrew Bitcoin based on inflated prices. On August 17, ODIN.FUN co-founder Bob Bodily stated, "We made significant progress in terms of funds today (many have already seen it). More than 30 BTC have flowed back to ODIN, and more funds are being processed."
BetterBank
On August 27, 2025, the DeFi project BetterBank, based on PulseChain, was attacked, resulting in losses of about $5 million. The attacker exploited a contract vulnerability to mint arbitrary tokens, some of which were exchanged for ETH. The attacker subsequently returned approximately 550 million pDAI (about $2.7 million) of the stolen assets.
Credix
On August 4, 2025, the decentralized lending protocol Credix was attacked, resulting in losses of about $4.5 million. The attacker controlled the admin wallet, forged tokens, and drained funds from the liquidity pool. After the incident, Credix claimed to have reached a settlement with the attacker, who agreed to return the funds on the condition that "a certain amount is fully paid by the Credix treasury." However, Credix did not disclose how much was actually paid. Shortly after this statement was released, Credix's social media accounts were deleted, and the team disappeared, raising suspicions that the so-called attack may have been an exit scam orchestrated by insiders. To date, the promised compensation has not been fulfilled.
Feature Analysis and Security Recommendations
From the incidents in August, it can be seen that centralized platforms' hot wallets remain high-risk points; once breached, they can lead to significant fund losses. Contract vulnerabilities continue to occur frequently, and issues related to price manipulation and token minting have been exploited multiple times, indicating that some protocols lack ongoing security maintenance after launch. Additionally, this month saw teams disappearing after incidents, raising doubts about whether the so-called "attacks" were actually exit scams, which often have a greater impact on investors.
Overall, the difficulty of recovering funds remains high. While some cases have seen partial asset recovery, the proportion is limited, underscoring the importance of preventive measures over post-incident recovery. Therefore, both platforms and users need to continuously enhance their security awareness and protective measures. The Slow Mist Security Team recommends that project parties maintain a high level of vigilance, conduct comprehensive security audits regularly, promptly identify and fix potential vulnerabilities, strengthen the asset management system with wallet layering and early warning mechanisms, and stay updated on the latest attack methods and security trends to effectively safeguard assets and user security. Ordinary users can enhance their protective capabilities by referring to the "Blockchain Dark Forest Self-Rescue Manual."
Related: Venus Protocol successfully recovered $13.5 million stolen from users in a phishing attack.
Original article: “Web3 Security Incidents Cause Approximately $82.89 Million in Losses”
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
