TL;DR
- Losses from hacks dropped 37% in the third quarter, totaling $509 million, well below the $1.7 billion seen in Q1.
- Centralized exchanges were the main target, losing $182 million, while DeFi projects recorded $86 million in damages.
- North Korea was behind nearly half of the stolen funds, with attacks that have grown more sophisticated, shifting from simple phishing to layered operations.
Losses from crypto hacks fell sharply in the third quarter of 2025, according to data from CertiK. Total damages dropped from $803 million in Q2 to $509 million in Q3, a decline of 37%.
Compared to Q1, when attacks topped $1.7 billion, cumulative losses are down more than 70%. The main difference was the absence of single exploits above $100 million, which pushed hackers to focus on mid-sized incidents instead.
Losses linked to code exploits plunged from $272 million in Q2 to just $78 million in Q3, showing a marked decline in this type of attack. Phishing-related theft also fell in terms of value, even though the number of cases remained similar. Still, September set a new monthly record with 16 hacks each surpassing $1 million, above the previous high of 14 recorded in March 2024.
CEXs Were the Main Criminal Target
Centralized exchanges were the biggest targets, with hackers stealing $182 million from these platforms. Phishing and social engineering attacks also increased, allowing criminals to compromise multisig and hot wallets. DeFi projects lost $86 million during the quarter, including a $40 million exploit of GMX v1 that ended with the attacker returning the funds after receiving a $5 million bounty.
Several new ecosystems also came under attack. Hyperliquid suffered a HyperVault exploit and the HyperDrive rug pull, which spread panic among users and highlighted the risks of interacting with emerging chains.
North Korean Hackers Are Growing More Sophisticated
According to Hacken CEO Yevheniia Broshevan, North Korean cyber units remain the biggest threat to the industry and its users, responsible for nearly half of all stolen funds in the quarter. She noted that their methods are becoming increasingly complex, evolving from basic phishing into multi-layered operational compromises.
While the quarter saw an increase in million-dollar hacks, the overall drop in losses and the decline in code exploits suggest that efforts to strengthen protocols and codebases may actually be paying off.