Losses from cryptocurrency hacks and exploits fell significantly in the third quarter of 2025, even as attackers shifted tactics toward targeting wallets and centralized platforms. Data from blockchain security firm CertiK revealed that overall losses dropped to $509 million, down 37% from $803 million in Q2. Compared with the first quarter, when hackers siphoned off nearly $1.7 billion, the decline amounts to more than 70%, offering cautious optimism for the sector.
A key driver of the decline was the steep fall in losses linked to vulnerabilities in code. Exploits through smart contract weaknesses dropped from $272 million in Q2 to just $78 million in Q3. Phishing incidents also resulted in fewer losses, though their frequency remained consistent with earlier quarters. The figures suggest that ongoing efforts to strengthen smart contract security and patch known flaws are beginning to bear fruit.
Despite the downward trend, September proved a volatile month. CertiK flagged it as the worst month on record for high-value hacks, with 16 separate incidents surpassing the $1 million threshold. This surpassed the previous monthly record of 14 incidents set in March 2024. The September surge raised the year-to-date average for 2025 to almost six million-dollar hacks per month, though this was still lower than the averages of previous years. Analysts noted that while the quarter saw no single exploit exceeding $100 million, attackers instead concentrated on mid-sized, more frequent breaches.
Centralized exchanges accounted for the largest share of Q3 losses, with $182 million stolen. A CertiK spokesperson explained that exchanges remain a prime target for both independent hackers and state-sponsored actors, especially due to their reliance on hot wallets and multi-signature setups vulnerable to sophisticated social engineering attacks. DeFi platforms followed, recording $86 million in losses, including the $40 million exploit of the GMX v1 decentralized exchange. That incident ended on a surprising note, as the hacker returned the funds after negotiating a $5 million bounty.
New ecosystems also entered hackers’ radar. Hacken, another blockchain security firm, pointed to the Hyperliquid chain as a fresh hotspot, citing the HyperVault exploit and the HyperDrive rug pull as warning signs for investors venturing into emerging projects. Hacken’s CEO, Yevheniia Broshevan, highlighted the evolving sophistication of North Korean cyber units, which she said were responsible for nearly half of the quarter’s stolen funds. She emphasized the growing trend of attackers moving beyond phishing toward layered operational compromises.
“This quarter is a wake-up call,” Broshevan cautioned, urging centralized platforms and retail investors alike to strengthen operational security. She added that without robust due diligence, exchanges and users experimenting with newer ecosystems would remain highly exposed.
While the surge in million-dollar incidents underscored the persistent threat landscape, the broader 37% quarterly decline, along with a 71% drop in code exploit losses, indicates that industry-wide improvements in cybersecurity are gradually yielding results. For now, exchanges and wallets appear to be the new battlegrounds in the fight to secure digital assets.
