Total Funds Lost To Crypto Hacks And Exploits Drops 37% In Q3

The total amount of funds lost to crypto hacks and exploits has dropped by nearly 37% in the third quarter.

According to data from the blockchain security firm Certik, initial losses declined from $803 million the second quarter this year to $509 million in Q3. When compared to the $1.7 billion that was lost to hacks in Q1, the latest total marks a decline of more than 70%.

September Was Still A Record Month For Crypto Hacks

Losses due to code vulnerabilities saw a sharp decline from $272 million in Q2 to $78 million in the third quarter, Certik said. Meanwhile, losses to phishing also dropped even though there was a similar number of incidents compared to the previous quarter.

While there was a drop in the amount of funds that was lost to bad actors in the last quarter, September was a historic month in terms of the number of million-dollar-plus incidents.

Certik data shows that 16 hacks exceeding $1 million happened in September.

That beat the previous record of 14 such incidents, which was posted in March last year.

After the active September month, the year-to-date average for 2025 has risen to almost six million-dollar hacks per month. However, this is still below the averages of over eight incidents per month that were seen in 2024 and 2023. 

Analysts noted that while there were no mega-hacks that exceeded $100 million in the last quarter, hackers do seem to be focusing their efforts on mid-sized exploits.

Centralized Exchanges Suffered The Largest Hit During Q3

Centralized exchanges experienced the biggest losses in the last quarter after $182 million was stolen from these platforms, the Certik data shows. 

Losses by project (Source: Certik)

“Exchanges, as well as DeFi projects, continue to be lucrative targets for attackers, particularly for state-sponsored groups,” a CertiK spokesperson said in a recent interview.

According to another blockchain security firm, Hacken, centralized exchanges were compromised through sophisticated phishing and social engineering,” giving hackers access to multisig and hot wallets. 

The next-biggest targets were decentralized finance (DeFi) projects, with $86 million lost to hacks in the third quarter. Of these hacks, the largest was the GMX v1 decentralized exchange exploit, which resulted in a loss of $40 million. However, the hacker ended up returning the funds after receiving a $5 million bounty.

Web3 Users Should Be Careful When Interacting With New Ecosystems

Hacken warned that users should tread carefully when interacting with new ecosystems. The company said new incidents emerged on the Hyperliquid chain.

Hacken’s CEO Yevheniia Broshevan also said that Q3 showed that North Korea’s cyber units are still the biggest threats to the Web3 space. According to the CEO, half of the funds stolen during Q3 were lost to North Korean hacking operations. 

She also added that hackers’ tactics are currently evolving from phishing attacks to multi-layered operational compromises, and urged centralized platforms and users to be extra vigilant. 

Related Articles:

• Ethereum Jumps 3% as VanEck Files for Lido Staked Ethereum ETF in Delaware
• Fitell Corporation Invests $1.5 M in PUMP Token to Boost its Solana Holdings
• Best Meme Coins to Invest In Before They Explode