Hack Losses Decline Despite Record High-Value Incidents
Crypto security took an interesting turn in the third quarter. The total funds lost to hacks and exploits fell by nearly 37%, dropping from $803 million in Q2 to $509 million in Q3. That’s quite a significant improvement, especially when you consider that Q1 saw nearly $1.7 billion stolen.
What’s particularly interesting is how the nature of attacks changed. Code vulnerability losses plummeted from $272 million to just $78 million. That suggests maybe the industry is getting better at securing smart contracts, or perhaps attackers are finding easier targets elsewhere.
But here’s the strange part – September actually set a new record for million-dollar incidents. There were 16 hacks exceeding $1 million, the highest monthly figure ever recorded. The previous record was 14 incidents back in March 2024.
Attackers Shift Focus to Exchanges and Wallets
Centralized exchanges took the biggest hit during the quarter, with $182 million stolen. That’s a worrying trend. A CertiK spokesperson mentioned that exchanges and DeFi projects remain “lucrative targets for attackers, particularly for state-sponsored groups.”
Hacken’s analysis echoed this, noting that CEXs were the primary targets, compromised through “sophisticated phishing and social engineering to access multisig and hot wallets.” It seems attackers are moving away from complex code exploits and focusing on human weaknesses instead.
DeFi projects came in second with $86 million lost. The GMX v1 DEX hack was one of the largest at $40 million, though the hacker actually returned the funds after receiving a $5 million bounty. That’s becoming more common these days – hackers taking bounties rather than trying to cash out stolen funds.
North Korean Threat and Operational Security
Hacken CEO Yevheniia Broshevan pointed out something concerning – about half of the stolen funds during Q3 went to North Korean hacking operations. That’s a sobering thought. These state-sponsored groups remain the single biggest threat to the ecosystem.
Broshevan noted that tactics are evolving from simple phishing to “multi-layered operational compromises.” She called it a “wake-up call” for centralized platforms and users exploring emerging chains like Hyperliquid to “double down on operational security and due diligence.”
Hacken also warned users to be careful with new ecosystems, pointing to incidents on the Hyperliquid chain including the HyperVault exploit and HyperDrive rug pull toward the quarter’s end.
Mixed Signals but Some Progress
Despite the rise in million-dollar incidents, the overall picture shows improvement. The 37% decline in total losses combined with a 71% drop in code exploit incidents suggests that industry efforts to harden codebases might actually be working.
It’s a bit of a mixed bag though. While we’re seeing fewer massive code exploits, attackers are finding new ways to target wallets and operational security. The record number of high-value incidents in September shows that the threat landscape is evolving rather than disappearing.
Perhaps the most encouraging sign is that there were no $100 million mega-hacks during the quarter. Attackers seem to be focusing on mid-sized exploits instead. That might indicate that security measures are making the biggest targets harder to hit.
Still, with North Korean groups accounting for half the losses and new chains becoming targets, there’s clearly no room for complacency. The game has changed, but the players are still very much in the field.
