Crypto Hacks Drop 22% in September 2025, but $127M Still Lost to Exploits

Blockchain security firm PeckShield has revealed that there were about 20 major crypto exploits in September 2025 that cost users and projects $127 ￰0￱ the total is down 22% from the $163 million that was stolen in August, it still shows how much hackers are hurting the digital asset sector. UXLINK, SwissBorg, and Venus Lead September’s Biggest Losses In an October 2 post on X, PeckShield flagged UXLINK’s $44 million exploit as last month’s ￰1￱ social Web3 project was first hit on September 22 when bad actors manipulated its multi-signature wallet, stripping away admin controls and draining $11.3 ￰2￱ after, attackers minted billions of new UXLINK tokens on Arbitrum, nearly doubling the supply and sending the token’s price down more than 70%.

Despite efforts by exchanges such as Upbit to freeze assets, most of the stolen funds remain in the attackers’ wallets. Elsewhere, Swiss wealth management platform SwissBorg lost about $41.5 ￰3￱ breach happened because Kiln, a trusted third party that handles Solana (SOL) staking, was attacked in the supply ￰4￱ hacker was able to take control of almost 193,000 SOL by hiding malicious instructions inside what looked like a normal unstaking request. A phishing scam also shook the Venus lending platform on September ￰5￱ that incident, a victim lost about $13 million after being tricked into a fake Zoom meeting, which let attackers take over their device and change their wallet ￰6￱ quickly stopped operations and then forcibly closed the criminal’s positions to get the stolen money ￰7￱ exploits listed by Peckshield included an incident on the Yala stablecoin protocol that led to the loss of $7.6 million, and GriffAI, which lost $3 million in a smaller but more targeted attack.

A Year of Heavy Losses Despite Recent Decline Even with September’s dip, 2025 has already shaped up as one of the most damaging years for crypto security. Hacken, a blockchain security firm, said in July that over $3.1 billion had been stolen in the first half of the year alone, which is more than the full-year total of $2.85 billion in 2024. A lot of this was due to large-scale access control failures, like the $1.5 billion Bybit incident in the first ￰8￱ pattern shows that two things are getting worse: attackers are using backdoors or privileged access points that have been missed by security teams, and users are still falling for social-engineering ￰9￱ have noted that unless platforms invest more heavily in hardened access control, independent audits, and user education, September’s dip may prove temporary in what remains a record-breaking year for crypto crime.