Even as malicious actors shifted their approach from smart contract attacks to wallet-focused breach and operational violations, total funds lost to crypto hacks and exploits fell nearly 37%.
Data from blockchain security company Certik shared with Cointelegraph showed that initial losses fell 36.6%, down from around $83 million in the second quarter to $599 million in the third quarter. Losses fell by more than 70% in the third quarter compared to the first quarter, when hackers stole nearly $1.7 billion.
Certik said losses from code vulnerabilities fell from $272 million in the second quarter to $78 million in the third quarter, but phishing-related losses also fell despite similar incidents.
The decline in losses to hackers came despite a record September.
September sets new records for the million-dollar incident
September stands out as the most active month in high-value hacks, with 16 incidents exceeding $1 million. In comparison, the previous monthly record was 14 incidents in March 2024.
The September surge raised the average 2025 average to a security incident of nearly $6 million a month. This is below the average of over eight incidents in both 2024 and 2023.
Analysts said there were no $100 million megahacks this quarter, but attackers are focusing on medium-sized exploits.
Exchange, defi, and new chain intersection
Certik’s data showed that centralized exchanges had the most losses during the quarter, with $182 million stolen.
A Certik spokesman told Cointelegraph, “The exchange continues to be a lucrative target for attackers, particularly for state-sponsored groups,” adding that the complex nature of decentralized finance (Defi) still appeals to hackers.
Blockchain security company Hacken also shared a similar analysis, flagging central exchange (CEXS) as its top target for the third quarter.
“CEXS was our primary target and we compromised through sophisticated phishing and social engineering to access multisigs and hot wallets,” the Hacken team told Cointelegraph.
Defi Projects was second, losing $86 million to the third quarter hack. One of the biggest exploits was the GMX V1 Distributed Exchange (DEX) hack, which caused a loss of $40 million. However, the hackers returned the funds after receiving a $5 million bounty.
“Users need to be extremely careful when involved in new ecosystems like high lipids.”
Hacken warned users to be careful when engaging in the new ecosystem. The security company said new incidents have emerged in high lipid chains, such as HyperVault Exploits and HyperDry Rugpulls towards the end of the quarter.
Related: UK weight if victims of Chinese fraud schemes acquire current value of seized 61K bitcoin
CEO Hacken says it’s doubling operational security
Hacken CEO Yevheniia Broshevan told Cointelegraph that Q3 showed North Korea’s cyber units were the single biggest threat to the ecosystem. Broshevan said that North Korea’s hacking operations lost about half of the funds stolen during the quarter.
She added that hacker tactics have also evolved from phishing attacks to multi-layered operational compromises. Broshevan urged centralized platforms and users to be particularly vigilant.
“This is a wake-up call,” she said. “Intensive platforms and users exploring emerging chains like high lipids will need to double their operational security and due diligence, otherwise they will remain the easiest entry point for attackers.”
Despite the increase in million-dollar incidents, there is optimism due to a 37% decline in total quarterly losses and a corresponding 71% decline in code exploit incidents. The data suggests that industry-wide efforts to solidify the codebase may be rewarding.
magazine: How do major religions in the world see Bitcoin and cryptocurrency?