In the third quarter, the total funds lost in cryptocurrency due to hacks and vulnerabilities decreased by nearly 37%, as malicious actors shifted their focus from smart contracts to wallet-targeted intrusions and operational vulnerabilities.
According to data provided to Cointelegraph by blockchain security company CertiK, initial losses in the third quarter fell from $803 million in the second quarter to $509 million, a decrease of 37%. Compared to nearly $1.7 billion in losses in the first quarter, the third quarter saw a decline of over 70%.
CertiK noted a significant drop in losses caused by code vulnerabilities, which fell from $272 million in the second quarter to $78 million in the third quarter, while phishing-related losses also decreased despite a similar number of incidents.
Nevertheless, September set a historical record, becoming the month with the highest number of incidents exceeding one million dollars in history, although overall hacker losses still showed a decline.
September became the most active month for high-value hacking attacks, with 16 incidents exceeding one million dollars, breaking the monthly record. In comparison, the previous monthly record was 14 incidents in March 2024.
The surge in September brought the average monthly security incidents of one million dollars or more in 2025 to nearly six, still below the average of over eight in 2024 and 2023.
Analysts pointed out that while there were no large hacking incidents of one hundred million dollars this quarter, attackers were more focused on medium-sized exploitations.
CertiK's data showed that centralized exchanges suffered the most losses this quarter, with a total of $182 million stolen.
A CertiK spokesperson told Cointelegraph, "Exchanges and DeFi projects remain high-reward targets for attackers, especially state-sponsored hacker organizations." They added that the complexity of decentralized finance (DeFi) continues to attract hackers.
Analysis from blockchain security company Hacken also indicated that centralized exchanges (CEXs) were the primary targets of attacks in the third quarter.
The Hacken team told Cointelegraph, "CEXs are the main targets, with attackers gaining access to multi-signature wallets and hot wallets through complex phishing and social engineering techniques."
DeFi projects ranked second, suffering losses of $86 million due to hacking attacks in the third quarter. The largest incident involved the GMX v1 decentralized exchange (DEX), which lost $40 million, but the hacker returned the funds after receiving a $5 million bounty.
Hacken warned users to exercise extra caution when participating in new ecosystems. The security company noted new incidents on Hyperliquid, including the HyperVault exploit and the HyperDrive pump-and-dump event at the end of the quarter.
Hacken CEO Yevheniia Broshevan told Cointelegraph that the third quarter showed North Korean cyber forces remain the biggest threat facing the ecosystem. Broshevan stated that about half of the stolen funds this quarter came from North Korean hacking operations.
She added that hackers' attack methods are evolving from phishing attacks to multi-layered operational intrusions, urging centralized platforms and users to remain highly vigilant.
She pointed out, "This is a wake-up call. Centralized platforms and users exploring emerging chains like Hyperliquid must double down on operational security and due diligence, or they will continue to be the easiest entry points for attackers."
Despite the increase in million-dollar incidents, total quarterly losses decreased by 37%, and code vulnerability incidents dropped by 71%, still bringing some optimism. The data suggests that the industry's efforts to strengthen codebases may be yielding results.
Related: Crypto Executives: Tokenizing DAT stocks will increase investor risk
Original article: “Cryptocurrency hacking losses drop 37%, attack strategies shift to wallets”
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
