Total funds lost to crypto hacks and exploits dropped by almost 37% in the third quarter, while malicious actors shifted their approach from smart contract attacks to compromises focused on wallets and operational breaches.
According to data that blockchain security company CertiK shared with Cointelegraph, losses went from $803 million in the second quarter to $509 million in the third quarter, a drop of 37%. Compared to the first quarter, when hackers stole nearly $1.7 billion, Q3 losses decreased by more than 70%.
CertiK said losses from code vulnerabilities dropped sharply, from $272 million in the second quarter to $78 million in the third quarter, while phishing losses also decreased despite a similar number of incidents.
The drop in losses to hackers occurred despite a record September, which saw the highest monthly number of million-dollar incidents ever recorded.
September sets a new record for million-dollar incidents
September stood out as the most active month for high-value hacks, with 16 incidents exceeding $1 million, the highest monthly figure ever recorded. In comparison, the previous monthly record was 14 incidents in March 2024.
The September surge pulled the year-to-date average for 2025 to almost six security incidents per month, which is still less than the average of more than eight incidents in 2024 and 2023.
Analysts noted that although there were no $100 million mega-hacks during the quarter, attackers focused on medium-sized exploits.
Exchanges, DeFi and new chains in the crosshairs
CertiK data showed that centralized exchanges had the most losses during the quarter, with $182 million stolen.
“Exchanges, as well as DeFi projects, continue to be lucrative targets for attackers, in particular for state-sponsored groups,” a CertiK spokesperson told Cointelegraph, adding that the complex nature of decentralized finance (DeFi) always attracts hackers.
Blockchain security company Hacken shared a similar analysis, flagging centralized exchanges (CEXs) as the top targets in the third quarter.
“CEXs were the main targets, compromised by sophisticated phishing and social engineering to access multisig and hot wallets,” the Hacken team told Cointelegraph.
DeFi projects came second, with $86 million lost to hacks in the third quarter. One of the biggest exploits was the GMX V1 decentralized exchange (DEX) hack, resulting in a loss of $40 million. However, the hacker returned the funds after receiving a $5 million bounty.
“Users must be extremely cautious when they get involved with new ecosystems such as Hyperliquid.”
Hacken warned users to be careful when they get involved with new ecosystems. The security company said new incidents had emerged on the Hyperliquid chain, including the HyperVault exploit and the HyperDrive rug pull toward the end of the quarter.
Hacken CEO says to double down on operational security
Hacken CEO Yevheniia Broshevan told Cointelegraph that Q3 showed that cyber units in North Korea remained the greatest threat to the ecosystem. Broshevan said that around half of the funds stolen during the quarter had been lost to North Korean hacking operations.
She added that hacker tactics shifted from phishing attacks to multilayered operational compromises. Broshevan urged centralized platforms and users to be more vigilant.
“This is a wake-up call,” she said. “Centralized platforms and users exploring emerging chains such as Hyperliquid must double down on operational security and due diligence, or they will continue to be the easiest entry points for attackers.”
Despite the increase in $1 million incidents, the 37% quarterly drop in total losses and a corresponding 71% drop in code exploitation incidents offered some optimism. The data suggest that industry-wide efforts to harden codebases may be paying off.


