August 2025: $163M Ripped Out Of Crypto In One Month, Brutal Records

Crypto’s headline this August is simple and ugly: 16 major exploits , $163 million stolen. That’s a 15% rise from July’s $142M, per ￰0￱ attacks hit wallets, exchanges, and DeFi ￰1￱ message is blunt: security still ￰2￱ five hits, quick list 1. $BTC Holder, $91.4M 2. Btcturk, $54M 3. ODIN•FUN, $7M 4.

BetterBank. io, $5M ￰3￱ Finance, $4.5M That’s the leaderboard for ￰4￱ lays it out. #PeckShieldAlert In August 2025, ~16 major crypto exploits were recorded, resulting in total losses of $163M—a 15% increase from July's $142M. Notably, @btcturk suffered its second major breach in just over a year, losing over $50M after a $54M hack in June 2024., bringing their… ￰5￱ — PeckShieldAlert (@PeckShieldAlert) September 1, 2025 $91.4M, Phishing on steroids This was a personal account. A ￰6￱ attack reads like classic social engineering turned industrial ￰7￱ posed as exchange ￰8￱ also pretended to be hardware-wallet ￰9￱ asked for the ￰10￱ victim gave ￰11￱ attackers moved ￰12￱ laundered through Wasabi Wallet to blur the ￰13￱ lesson: no legitimate support team ever asks for your seed ￰14￱ it ￰15￱ it ￰16￱ quick context on BTC price and size of the prize: Bitcoin remains the market’s biggest asset, see CoinMarketCap snapshot for real-time numbers.

Btcturk, hot-wallet collapse, again Btcturk got hit ￰17￱ is their second large breach in just over a ￰18￱ August incident cost roughly $48–$54M depending on on-chain tracing and ￰19￱ stacks with their June 2024 loss of about $54M. Together, the hits push Btcturk’s cumulative losses north of $100M. Vartcall called it a textbook example of centralized custody ￰20￱ happened? Attackers breached internal ￰21￱ grabbed ￰22￱ drained hot ￰23￱ ￰24￱ storage reportedly remained untouched, but user confidence took a ￰25￱ hot-wallet contract (on-chain): 0xde2faca4bbc0aca08ff04d387c39b6f6325bf82a Example drain transaction: 0xb191ec12f7e579b29840429940ca9a5049cc5cdf6c6904e607992323e6276931 Short lesson: centralized custody = single point of ￰26￱ you don’t hold the keys, you don’t own the ￰27￱ 2025 was brutal for Web3.16 exploits – $163M lost (+15% vs July).

Here’s what happened & the lessons devs must learn ￰28￱ — vartcall (@vartcall) September 1, 2025 ODIN•FUN, reentrancy-style drain ($7M) ODIN•FUN lost $7M to a contract bug that behaved like a reentrancy ￰29￱ contract missed critical withdrawal ￰30￱ called withdraw, then called it again before balances ￰31￱ withdrawals drained ￰32￱ ICP principal IDs tied to the exploit (Internet Computer addresses): urguz-m32zo-jlld6-pyy4l-z3c24-jv4pt-5fmll-gq2xd-6siiz-oxkao-xae jeypm-z6t4p-uqshx-dtay4-qgw5d-ca7j5-alviu-fch2d-nmsnc-c4k3k-aae Short lesson: audit your ￰33￱ OpenZeppelin ￰34￱ the Checks–Effects–Interactions ￰35￱ catch what eyeballs miss. BetterBank.

io, oracle manipulation ($5M) BetterBank fell to a classic oracle manipulation ￰36￱ attacker pumped an illiquid token’s price, borrowed heavily against it, then let the price ￰37￱ protocol’s lending checks failed to catch the artificial spike. Lesson: secure price ￰38￱ decentralized, tamper-resistant oracles (Chainlink or equivalent). Add limits and oracle sanity checks to reject flash-price ￰39￱ Finance, flash loan + broken economics ($4.5M) CrediX lost about $4.5M when flash loans met weak collateral ￰40￱ protocol didn’t account for extreme, fast price ￰41￱ used instant liquidity to manipulate variables and exploit the contract’s flawed assumptions.

Lesson: stress-test your economic ￰42￱ flash loan ￰43￱ worst-case price ￰44￱ contracts aren’t safe by ￰45￱ the patterns tell us Across these incidents there are recurring threads: Social engineering works. It’s cheap and ￰46￱ and protocols are ￰47￱ wallets remain prime ￰48￱ custody concentrates ￰49￱ logic ￰50￱ missing check can enable a multi-million-dollar ￰51￱ and economic models are ￰52￱ loans and illiquid pairs are a ￰53￱ the basics and you cut the attack ￰54￱ ￰55￱ teams matter. Multi-sig, hardware security modules, and time-locked withdrawals reduce blast ￰56￱ CoinMarketCap snapshot (context) Bitcoin (BTC), rank 1 , market cap and trading numbers vary minute-to-minute; use CoinMarketCap for live snapshot and historical ￰57￱ Take, Harsh But Fair August’s $163M is not just a number.

It’s a ￰58￱ industry repeats avoidable ￰59￱ losses come from innovation ￰60￱ come from sloppy ￰61￱ you’re building: assume attackers will probe your edge ￰62￱ you run an exchange: treat keys like crown ￰63￱ you hold coins: use self-custody for meaningful sums and multi-sig for shared ￰64￱ the original thread for the breakdown and follow-ups: PeckShieldAlert’s post contains the monthly tally and the top ￰65￱ check the on-chain traces and reporting on Btcturk for transaction-level details. Disclosure: This is not trading or investment ￰66￱ do your research before buying any cryptocurrency or investing in any ￰67￱ us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news !