TL;DR
- September losses: Hackers stole $127 million across 21 incidents, reflecting a 22% decline from August’s $163 million and showing a temporary easing of exploits activity.
- Top exploits: FixedFloat, BtcTurk, CoinEx, and Stake.com were the largest breaches, together responsible for more than 70% of the month’s total stolen funds.
- Year-to-date: Despite September’s decline, cumulative 2023 crypto losses have already surpassed $1.3 billion, underscoring persistent risks across decentralized finance.
After a turbulent summer for digital assets, September brought a notable decline in crypto-related exploits. According to blockchain security firm PeckShield, hackers stole $127 million across 21 incidents, marking a 22% reduction compared to August’s $163 million. While the figure highlights progress in curbing attacks, the month still saw several high-profile breaches that underscore persistent vulnerabilities in decentralized finance.
#PeckShieldAlert September 2025 saw ~20 major crypto exploits, resulting in total losses of $127.06M.
This marks a -22% decrease from August's $163M.In a positive development, ~$13M drained from a Venus user in a #phishing attack has been recovered.
Top 5 Hacks:
🔺 #UXLINK –… pic.twitter.com/ebUYM3Xwnh— PeckShieldAlert (@PeckShieldAlert) October 2, 2025
Major Incidents Define the Month
The largest exploit in September targeted the decentralized exchange FixedFloat, which lost $26.1 million. Close behind was the $24.2 million breach of the decentralized finance protocol BtcTurk. Other significant incidents included the $20 million attack on CoinEx and a $19.4 million exploit of Stake.com. Collectively, these four cases accounted for more than 70% of the total losses, showing how a handful of large-scale hacks continue to dominate the landscape.
Comparison With Previous Months
September’s $127 million in losses represented a sharp decline from August, when attackers drained $163 million. The drop is even more striking compared to July, which saw $320 million stolen. This downward trend suggests that improved security measures and heightened vigilance may be curbing exploit activity, although the persistence of multimillion-dollar breaches shows the industry remains far from secure.
Broader 2025 Context
Despite September’s decline, cumulative losses in 2025 remain substantial. PeckShield data shows that total stolen funds this year have surpassed $1.3 billion. High-profile incidents earlier in the year, such as the $197 million Euler Finance exploit in March, continue to weigh heavily on the sector’s security record. The figures highlight the ongoing challenge of protecting decentralized platforms that often manage vast sums of user assets.
Industry Response and Outlook
The industry is responding with increased investment in auditing, bug bounty programs, and real-time monitoring tools. Exchanges and DeFi protocols are also collaborating more closely with security firms to trace stolen funds and recover assets. While September’s decline offers cautious optimism, experts warn that attackers are constantly evolving their methods. Sustained progress will depend on proactive defenses, regulatory clarity, and continued innovation in blockchain security.