Crypto exploits in September slowed down by 22%, for a total theft of $127M. There were about 22 major hacks against multiple protocols and personal wallets reported during the month.
Crypto exploits in September slowed down compared to the levels from the previous month. Despite this, the losses from the period reached $127M, from 20 major hacks.
Based on Peckshield statistics, September was a relatively slow month for hackers, after August’s theft of $163M. Overall, hacks and exploits are rarer, though some of the attacks are more sophisticated.
Crypto exploits targeted smart contract vulnerabilities
The most prominent hack for the month was UXLink, with estimated losses of $44M to $48M. The hack was also a double loss, as the exploiter fell prey to another phishing scam, as Cryptopolitan reported.
The SwissBorg DEX, losing over $41M, was also among the top hacks for the month.
Decentralized losses were smaller, though a single user lost $13.5M to a phishing exploit. The funds were later recovered. Smaller protocols Yala and GriffAI lost another $10.64M in total.
The last two months showed hackers were ready to take a detailed look at loopholes in smart contracts. Attacks against decentralized infrastructure included unauthorized token minting, flawed price data, and unauthorized stablecoin withdrawals.
Some of the exploits resembled previous activity from DPRK hackers, as the funds were swapped into ETH and immediately mixed.
In September, the crypto space was sent into a full panic after the hack of one of the leading npm package repositories. However, the hack ended up stealing just over $1,000 in crypto before apps were patched with safe npm packages.
Despite this, supply-chain attacks were still a threat, especially for centralized exchanges.
Crypto theft returned in 2025
In total, the whole of Q3 had around $307M stolen through exploits of various sizes. For the year to date, hacks total over $2.55B, including the Bybit exploit.
Techniques are changing, with a mix of malicious front ends, wallet drainers, and deliberate smart contract exploits. In Q3, the total haul was a result of mid-sized or small hacks. For the entire quarter, the hacking of the BTCTurk exchange for $54M was the biggest event.
The third quarter passed without a major exchange hack, potentially signaling better security or a shift in hackers’ focus. While centralized exchanges cooperate with authorities, hacking in Web3 and DeFi protocols is harder to track.
Based on Polymarket predictions, the odds of another $100M or over hack are relatively small. However, the black swan event could immediately sway the prediction pair.
Even with slower hacking activity, exploit wallets are busy laundering their funds. In the past quarter, deposits and withdrawals on Tornado Cash have accelerated, tripling since their lows in June.
The lack of large-scale hacks may thus be a matter of luck, as exchanges mostly operate with similar platforms and have the same vulnerabilities. Social media account thefts have slowed down in Q3 after previous mass campaigns against influencers.
Recently, BNBChain had its account hacked, but it only led to $13,000 in losses from a fake airdrop site.
Don’t just read crypto news. Understand it. Subscribe to our newsletter. It’s free.
Earn more PRC tokens by sharing this post. Copy and paste the URL below and share to friends, when they click and visit Parrot Coin website you earn: https://parrotcoin.net0
PRC Comment Policy
Your comments MUST BE constructive with vivid and clear suggestion relating to the post.
Your comments MUST NOT be less than 5 words.
Do NOT in any way copy/duplicate or transmit another members comment and paste to earn. Members who indulge themselves copying and duplicating comments, their earnings would be wiped out totally as a warning and Account deactivated if the user continue the act.
Parrot Coin does not pay for exclamatory comments Such as hahaha, nice one, wow, congrats, lmao, lol, etc are strictly forbidden and disallowed. Kindly adhere to this rule.
Constructive REPLY to comments is allowed