Crypto Hack Losses Plunge 37% in Q3 as Wallets Become Prime Targets

Hack Losses Drop Dramatically in Q3

The crypto industry saw a significant decline in hacking losses during the third quarter of 2025, signaling a notable shift in attacker strategies and industry defenses. According to blockchain security firm CertiK, total funds lost to hacks and exploits dropped by 37%, from $803 million in Q2 to $509 million in Q3. Compared to the staggering $1.7 billion stolen in Q1, this represents a more than 70% decline.

This downward trend reflects a maturing security landscape, as improved smart contract auditing, increased awareness, and enhanced cybersecurity measures begin to show results. However, experts warn that the decline is not a reason to relax. Instead of traditional code-based exploits, attackers are adapting — with a growing focus on wallet compromises, social engineering, and operational breaches.

CertiK data highlights this shift: losses from code vulnerabilities plummeted from $272 million in Q2 to just $78 million in Q3. Even phishing-related thefts declined, despite the number of incidents remaining consistent. The industry’s collective focus on smart contract security seems to be paying off — but the battle is far from over.

 

September Breaks Million-Dollar Incident Record

Despite the positive quarterly numbers, September 2025 turned out to be the most active month ever recorded for high-value hacks. The month saw 16 incidents exceeding $1 million, breaking the previous record of 14 set in March 2024. This surge brought the 2025 year-to-date average to nearly six incidents exceeding $1 million per month. Although this is still below the averages of over eight per month seen in 2024 and 2023, the upward trend suggests attackers are targeting mid-sized exploits instead of pursuing fewer, massive heists.

Analysts believe that the absence of “mega hacks” — those exceeding $100 million — is a positive sign that large-scale systemic vulnerabilities are becoming rarer. However, the growing number of medium-sized attacks indicates that cybercriminals are diversifying their tactics, exploiting smaller weaknesses across multiple platforms rather than relying on one massive breach.

This “spray and steal” approach underscores a crucial point: while total losses may be declining, the frequency of incidents remains high. As long as multiple entry points exist — particularly through wallet exploits, operational lapses, and user errors — attackers will continue to exploit them.

 

Exchanges and DeFi Under Fire

Centralized exchanges (CEXs) emerged as the biggest losers of Q3 2025, with $182 million stolen during the period. According to CertiK and fellow security firm Hacken, exchanges remain lucrative targets, especially for state-sponsored cybercriminals. Their large liquidity pools, combined with human-operated security protocols, make them vulnerable to social engineering, phishing campaigns, and multisig wallet compromises.

“CEXs were the primary targets, compromised through sophisticated phishing and social engineering to access multisig and hot wallets,” Hacken told Cointelegraph.

Decentralized finance (DeFi) platforms came in second, suffering losses of $86 million. One of the most notable incidents was the GMX v1 DEX hack, where $40 million was stolen — though the attacker later returned the funds in exchange for a $5 million bounty.

Newer blockchain ecosystems also saw a rise in exploits, particularly the Hyperliquid chain, which faced the HyperVault exploit and the HyperDrive rug pull toward the end of the quarter. Security experts warn users to exercise caution when engaging with emerging chains that may not yet have robust security measures.

 

Rising Threat from North Korean Hackers

One of the most concerning findings from Q3 was the continued dominance of North Korean hacking units, which were responsible for nearly half of all stolen funds. According to Hacken CEO Yevheniia Broshevan, these state-sponsored groups have evolved their tactics, moving beyond simple phishing schemes toward multi-layered operational compromises that exploit human error and internal system weaknesses.

“This is a wake-up call,” Broshevan said. “Centralized platforms and users exploring emerging chains like Hyperliquid must double down on operational security and due diligence, or they will continue to be the easiest entry points for attackers.”

This evolution reflects a broader trend in the cybersecurity landscape: as blockchain protocols become harder to exploit, attackers are increasingly targeting the human and operational layers — from compromised employee accounts to poorly managed private keys.

Broshevan emphasized the need for comprehensive security practices, including hardware wallets, multi-factor authentication, and frequent security audits. For platforms, adopting zero-trust architectures, strengthening internal access controls, and conducting red team exercises can significantly reduce the risk of breaches.

 

A More Secure But Complex Future

While the 37% drop in crypto hack losses is encouraging, the underlying data paints a more complex picture of the evolving threat landscape. Attackers are no longer focusing solely on smart contract vulnerabilities — which have seen a 71% reduction — but are instead targeting wallets, exchanges, and operational weaknesses.

The shift toward smaller, more frequent attacks and the rise of state-sponsored cybercrime highlight the urgent need for the crypto industry to evolve its security posture. Exchanges, DeFi protocols, and wallet providers must continue investing in cyber resilience, while users must adopt best practices to safeguard their assets.

At the same time, regulators and policymakers may need to step up efforts to address state-sponsored crypto theft — a growing national security issue that extends beyond the blockchain ecosystem.

If Q3’s trends continue, the future of crypto security will likely depend less on patching code and more on building a holistic, layered defense strategy — one that addresses not only technological vulnerabilities but also human behavior, operational processes, and global cyber threats.

 

Conclusion

The sharp decline in crypto hack losses during Q3 2025 is a testament to the industry’s improving security practices. However, the growing sophistication of attackers — particularly their focus on wallet exploits, operational breaches, and social engineering — shows that the battle is far from over. As the ecosystem matures, crypto security will require a multifaceted approach that combines robust code defenses with vigilant operational practices and user awareness.
