Hacking losses decrease despite a record number of high-value incidents
Crypto security took an interesting turn in the third quarter. The total funds lost to hacks and exploits dropped by almost 37%, from $803 million in the second quarter to $509 million in the third quarter. That is a fairly significant improvement, especially considering that the first quarter saw nearly $1.7 billion stolen.
What is particularly interesting is how the nature of the attacks has changed. Code vulnerability losses fell from $272 million to only $78 million. This suggests that the industry may be getting better at securing smart contracts, or perhaps attackers are finding easier targets elsewhere.
But here is the strange part: September in fact set a new record for million-dollar incidents. There were 16 hacks exceeding $1 million, the highest monthly figure ever recorded. The previous record was 14 incidents in March 2024.
Attackers focus on exchanges and wallets
Centralized exchanges took the biggest hit during the quarter, with $182 million stolen. It is a disturbing trend. A spokesperson for CertiK said that DeFi exchanges and projects remain “lucrative objectives for attackers, in particular for groups sponsored by the State”.
Hacken’s analysis echoed this, noting that CEXs were the main targets, compromised by “sophisticated phishing and social engineering to access multisig and hot wallets”. It seems that attackers are moving away from complex code exploits and focusing instead on human weaknesses.
DeFi projects came second with $86 million lost. The GMX V1 DEX hack was one of the largest at $40 million, although the hacker in fact returned the funds after receiving a $5 million bounty. This is becoming more common these days: hackers take bounties rather than trying to cash out stolen funds.
North Korean threat and operational security
Hacken CEO Yevheniia Broshevan underlined that about half of the funds stolen during the third quarter went to North Korean hacking operations. That is a sobering thought. These state-sponsored groups remain the greatest threat to the ecosystem.
Broshevan noted that tactics are shifting from simple phishing to “multilayer operational compromises”. She called this an “alarm clock” for centralized platforms and users exploring emerging chains such as Hyperliquid to “double operational safety and reasonable diligence”.
Hacken also warned users to be careful with new ecosystems, pointing to incidents on the Hyperliquid chain, including the HyperVault exploit and the Hyperdrive rug pull at the end of the quarter.
Mixed signals but some progress
Despite the increase in $1 million incidents, the overall picture shows an improvement. The 37% drop in total losses combined with a 71% drop in code exploit incidents suggests that industry efforts to tighten code bases could actually be working.
It’s a bit of a mixed bag. Although we are seeing fewer massive code exploits, attackers are finding new ways to target wallets and operational security. The record number of high-value incidents in September shows that the threat landscape is evolving rather than disappearing.
The most encouraging sign may be that there were no $100 million mega-hacks during the quarter. Attackers seem to be focusing instead on medium-sized exploits. This could indicate that security measures are making targets harder to reach.
However, with North Korean groups accounting for half of the losses and new chains becoming targets, there is clearly no room for complacency. The game has changed, but the players are still very much on the field.


