The total value drained by crypto thefts and fraudulent schemes experienced a significant reduction of almost 37% during the third quarter of the year. This shift occurred as perpetrators pivoted their strategies, placing less emphasis on vulnerabilities within smart contracts and instead targeting weaknesses in digital wallets and standard operating procedures.
Information sourced from CertiK, a cybersecurity firm specializing in blockchain technology, and shared with Cointelegraph, reveals a notable decrease in initial losses. These losses diminished from $803 million in the second quarter to $509 million in the subsequent quarter, reflecting a 37% improvement. When contrasted with the first quarter, which saw hackers pilfering close to $1.7 billion, the third quarter witnessed a decline of more than 70% in total losses.
CertiK indicated a sharp reduction in losses attributable to flaws in computer code, decreasing from $272 million in the second quarter to $78 million in the third. Concurrently, losses linked to phishing activities also diminished, notwithstanding a consistent level of such malicious incidents.
This drop in losses to illicit actors occurred even as the month of September established a new, unfavorable benchmark, recording the highest number of individual security breaches, each exceeding $1 million in damages.
September Sets a New Record for Million-Dollar Incidents
September proved to be especially problematic, with a record-breaking 16 incidents, each involving losses exceeding $1 million. This figure surpasses all previous months, with the prior high being 14 similar breaches recorded in March of the preceding year, 2024.
The pronounced surge during September has elevated the year-to-date average for 2025 to almost six security breaches per month, each causing damages of $1 million or more. This average remains below the rates observed in both 2024 and 2023, which experienced over eight incidents each month.
Industry experts pointed out that while there were no exceptionally large-scale attacks involving losses of $100 million or greater during the quarter, malicious parties instead concentrated their efforts on mid-sized exploitations.
Exchanges, DeFi, and Emerging Blockchains Under Attack
CertiK’s data indicates that centralized exchanges experienced the highest losses during the quarter, amounting to $182 million in stolen assets.
“Both exchanges and decentralized finance (DeFi) ventures remain tempting targets for malicious actors, particularly government-backed groups,” a spokesperson from CertiK conveyed to Cointelegraph. They further emphasized that the intrinsic complexity of decentralized finance (DeFi) platforms makes them continuously appealing to hackers.
Hacken, another firm that specializes in blockchain security, shared a similar assessment, noting centralized exchanges (CEXs) were the preferred target in the third quarter.
“Centralized exchanges emerged as the primary target, falling prey to sophisticated phishing campaigns and social engineering tactics used to access multi-signature and active digital wallets,” the Hacken team stated to Cointelegraph.
DeFi projects held the second position, experiencing losses of $86 million in the third quarter. A significant incident involved the GMX v1 decentralized exchange (DEX), where a $40 million exploit occurred. However, the offending hacker returned the misappropriated funds after receiving a bounty of $5 million.
“Users should exercise extreme caution when engaging with new ecosystems like Hyperliquid.”
Hacken advised individuals to exercise heightened caution when participating in emerging ecosystems. The cybersecurity firm highlighted the appearance of new incidents on the Hyperliquid blockchain, including the HyperVault exploit and the HyperDrive scam, which occurred near the end of the quarter.
Related: UK Weighs Whether Victims of Chinese Fraud Scheme Should Receive Current Value of Seized 61K Bitcoin
Hacken CEO Calls for Enhanced Operational Security
Yevheniia Broshevan, CEO of Hacken, communicated to Cointelegraph that the data from the third quarter confirms that cyber units associated with North Korea remain the single largest menace to the crypto ecosystem. Broshevan estimates that around half of the funds illegally acquired during the quarter were the result of North Korean hacking operations.
She also highlighted that the strategies employed by these hackers are advancing, shifting from basic phishing schemes to complex, multi-layered attacks that undermine operational integrity. Broshevan implored both centralized platforms and individual users to maintain increased vigilance.
“This serves as a crucial warning,” she emphasized. “Centralized platforms and users venturing into new blockchain environments, such as Hyperliquid, must significantly reinforce their operational security measures and due diligence practices. Failure to do so will leave them vulnerable and easily exploitable by attackers.”
Despite the increase in million-dollar incidents, the quarter’s 37% overall reduction in losses and a corresponding 71% drop in code exploitation incidents offer some positive indications. This data suggests that ongoing industry-wide initiatives to enhance the security of codebases may be showing some success.
Magazine: How Do the World’s Major Religions View Bitcoin and Cryptocurrency?