Crypto exploiters see $127M haul in September, as Q3 numbers hit $307M, $2.55B in 2025

Crypto exploits in September slowed down by 22%, for a total theft of $127M. There were about 22 major hacks against multiple protocols and personal wallets reported during the ￰0￱ exploits in September slowed down compared to the levels from the previous ￰1￱ this, the losses from the period reached $127M, from 20 major ￰2￱ on Peckshield statistics, September was a relatively slow month for hackers, after August’s theft of $163M. Overall, hacks and exploits are rarer, though some of the attacks are more ￰3￱ exploits targeted smart contract vulnerabilities The most prominent hack for the month was UXLink, with estimated losses of $44M to $48M. The hack was also a double loss, as the exploiter fell prey to another phishing scam, as Cryptopolitan ￰4￱ SwissBorg DEX, losing over $41M, was also among the top hacks for the ￰5￱ losses were smaller, though a single user lost $13.5M to a phishing ￰6￱ funds were later ￰7￱ protocols Yala and GriffAI lost another $10.64M in ￰8￱ last two months showed hackers were ready to take a detailed look at loopholes in smart ￰9￱ against decentralized infrastructure included unauthorized token minting , flawed price data, and unauthorized stablecoin ￰10￱ of the exploits resembled previous activity from DPRK hackers, as the funds were swapped into ETH and immediately ￰11￱ September, the crypto space was sent into a full panic after the hack of one of the leading npm package repositories.

However, the hack ended up stealing just over $1,000 in crypto before apps were patched with safe npm ￰12￱ this, supply-chain attacks were still a threat, especially for centralized ￰13￱ theft returned in 2025 In total, the whole of Q3 had around $307M stolen through exploits of various ￰14￱ the year to date, hacks total over $2.55B, including the Bybit ￰15￱ are changing, with a mix of malicious front ends, wallet drainers, and deliberate smart contract ￰16￱ Q3, the total haul was a result of mid-sized or small ￰17￱ the entire quarter, the hacking of the BTCTurk exchange for $54M was the biggest ￰18￱ third quarter passed without a major exchange hack, potentially signaling better security or a shift in hackers’ ￰19￱ centralized exchanges cooperate with authorities, hacking in Web3 and DeFi protocols is harder to ￰20￱ on Polymarket predictions, the odds of another $100M or over hack are relatively small.

However, the black swan event could immediately sway the prediction ￰21￱ with slower hacking activity, exploit wallets are busy laundering their ￰22￱ the past quarter, deposits and withdrawals on Tornado Cash have accelerated, tripling since their lows in ￰23￱ Cash activity picked up in Q3, as older exploit wallets laundered their funds, while new hackers were quick to swap into ETH and use the mixer. |