Crypto exploits in September slowed down by 22%, for a total theft of $127M. There were about 22 major hacks against multiple protocols and personal wallets reported during the month. Crypto exploits in September slowed down compared to the levels from the previous month. Despite this, the losses from the period reached $127M, from 20 major hacks. Based on Peckshield statistics, September was a relatively slow month for hackers, after August’s theft of $163M. Overall, hacks and exploits are rarer, though some of the attacks are more sophisticated. Crypto exploits targeted smart contract vulnerabilities The most prominent hack for the month was UXLink, with estimated losses of $44M to $48M. The hack was also a double loss, as the exploiter fell prey to another phishing scam, as Cryptopolitan reported . The SwissBorg DEX, losing over $41M, was also among the top hacks for the month. Decentralized losses were smaller, though a single user lost $13.5M to a phishing exploit. The funds were later recovered. Smaller protocols Yala and GriffAI lost another $10.64M in total. The last two months showed hackers were ready to take a detailed look at loopholes in smart contracts. Attacks against decentralized infrastructure included unauthorized token minting , flawed price data, and unauthorized stablecoin withdrawals. Some of the exploits resembled previous activity from DPRK hackers, as the funds were swapped into ETH and immediately mixed. In September, the crypto space was sent into a full panic after the hack of one of the leading npm package repositories. However, the hack ended up stealing just over $1,000 in crypto before apps were patched with safe npm packages. Despite this, supply-chain attacks were still a threat, especially for centralized exchanges. Crypto theft returned in 2025 In total, the whole of Q3 had around $307M stolen through exploits of various sizes. For the year to date, hacks total over $2.55B, including the Bybit exploit . Techniques are changing, with a mix of malicious front ends, wallet drainers, and deliberate smart contract exploits. In Q3, the total haul was a result of mid-sized or small hacks. For the entire quarter, the hacking of the BTCTurk exchange for $54M was the biggest event. The third quarter passed without a major exchange hack, potentially signaling better security or a shift in hackers’ focus. While centralized exchanges cooperate with authorities, hacking in Web3 and DeFi protocols is harder to track. Based on Polymarket predictions, the odds of another $100M or over hack are relatively small. However, the black swan event could immediately sway the prediction pair . Even with slower hacking activity, exploit wallets are busy laundering their funds. In the past quarter, deposits and withdrawals on Tornado Cash have accelerated, tripling since their lows in June. Tornado Cash activity picked up in Q3, as older exploit wallets laundered their funds, while new hackers were quick to swap into ETH and use the mixer. | Source: Dune Analytics The lack of large-scale hacks may thus be a matter of luck, as exchanges mostly operate with similar platforms and have the same vulnerabilities. Social media account thefts have slowed down in Q3 after previous mass campaigns against influencers. Recently, BNBChain had its account hacked , but it only led to $13,000 in losses from a fake airdrop site. Sign up to Bybit and start trading with $30,050 in welcome gifts
