October 3, 2025
March 10, 2025

Crypto thefts decline but record September hacks reveal shifting threats in blockchain security

A sharp drop in crypto thefts during Q3 brings cautious optimism, but September’s unprecedented surge in million-dollar exploits is a sobering reminder that blockchain security remains one of the industry’s greatest challenges.

Crypto hack losses drop — but risks remain

New data from blockchain security analysts reveals that total losses in Q3 2025 fell dramatically compared to previous quarters. According to CertiK, the overall amount stolen plunged from $803 million in Q2 to $509 million in Q3 — a 37% decrease. When compared against Q1’s staggering $1.7 billion losses, the sector has witnessed more than a 70% decline.

These reductions stem largely from fewer successful code exploit attacks. Weaknesses in smart contracts cost projects $272 million in Q2, but only $78 million in Q3 — suggesting that security-conscious upgrades and audits are beginning to pay off. Even phishing-related theft dipped, despite the number of attempted incidents remaining steady.

However, resilience in software design hasn’t eliminated risk. Instead, attackers are changing focus, targeting wallets and operations rather than just technical loopholes. And nowhere was this shift more visible than in September.

September sets a troubling record

Despite the quarterly downturn, September alone saw the highest ever monthly count of million-dollar exploits. According to CertiK, no fewer than 16 hacks exceeding $1 million occurred that month, surpassing the previous record of 14 incidents from March 2024.

While there was no headline-grabbing $100 million mega-heist in Q3, attackers were relentless in executing mid-range hits. The result: 2025 is now averaging nearly six million-dollar security incidents a month. That figure still sits below the eight-plus monthly averages seen in both 2023 and 2024, but the trend indicates that attackers are optimising for consistent, repeatable payouts rather than shock value.

Centralised exchanges in the firing line

One of the clearest takeaways from the quarter is the exposure of centralised exchanges (CEXs). These platforms carried the highest losses, suffering $182 million in thefts. Security firm Hacken echoed CertiK's findings, noting that sophisticated social engineering and phishing attacks were frequently used to compromise hot and multisig wallets. The lesson for operators is that a multisig only protects funds if each signer independently verifies what they are approving; if the signers themselves are deceived into authorising a malicious transaction, the threshold is met and the additional keys buy nothing.

DeFi platforms came under parallel pressure, accounting for another $86 million in lost funds. Among the most notable cases was the exploit of the GMX v1 decentralised exchange (DEX), draining $40 million. In an unusual twist, the hacker returned the funds in exchange for a $5 million bounty — a stark reminder of the ongoing “grey morality” within the crypto hacking landscape.

Emerging ecosystems also became prime targets. Hacken flagged a cluster of incidents in the Hyperliquid ecosystem, including the HyperVault exploit and a rug pull on HyperDrive. These newer ecosystems, still building robust defences and with less audit and monitoring coverage than established chains, are proving to be easy entry points for attackers.

Operational security over code fixes

Hacken CEO Yevheniia Broshevan reinforced the notion that the real threat is shifting from coding errors to operational weaknesses. She highlighted North Korea’s cyber units as the single greatest force behind Q3 losses — responsible for roughly half of stolen funds.

“This is a wake-up call,” Broshevan warned. “Centralised platforms and users exploring emerging chains like Hyperliquid must double down on operational security and due diligence, or they will continue to be the easiest entry points for attackers.”

She noted that phishing campaigns are being replaced by multi-layered infiltration strategies. This evolution requires exchanges and DeFi providers not only to patch code vulnerabilities, but also to enhance user education, system monitoring, and internal security practices. In many cases, human error and weak safeguards remain the hacker’s preferred gateway.

Signs of hardening defences

While the dramatic rise in million-dollar incidents prompted alarm, there are some positive signals. Losses from “classic” code vulnerabilities dropped by more than 70% compared to earlier in the year, suggesting that ongoing audits, bug bounty programmes, and secure development practices are working.

Industry-wide, a shift toward more pragmatic mitigation efforts is clear. Audit demand is surging, along with calls for specialised blockchain recruitment to fill cybersecurity, compliance, and risk roles. The best crypto recruitment agencies in the UK and abroad are already reporting heightened demand for security-savvy developers, investigators, and operational leads capable of countering these sophisticated strikes.

Crypto recruitment implications

The changing threat landscape is directly impacting crypto recruitment. Businesses need more than blockchain developers — they require:

  • Operational security specialists to prevent lapses in internal processes.
  • Phishing and social engineering analysts who can train staff and protect against attacks.
  • Compliance officers capable of navigating increasing regulatory scrutiny.
  • DeFi security experts who understand complex smart contract protocols and cross-chain risks.

As more projects venture into new ecosystems such as Hyperliquid, DeFi recruitment will be increasingly tied to operational resilience rather than just innovative product design. The industry’s future security and scalability hinge on the ability to attract top crypto talent through skilled blockchain recruitment agencies like Spectrum Search.

The human factor in web3 defence

Technology alone cannot stop the surge of smaller, coordinated attacks. The human factor is becoming increasingly central. With social engineering fuelling incidents such as the $44 million CoinDCX heist, crypto firms are underlining the importance of robust culture-building in addition to technical systems. Recruitment agencies specialising in the sector are being called upon to source individuals with both technical skillsets and the soft skills to resist manipulation.

For crypto recruiters and web3 recruitment agencies, the implications are immense: cybersecurity roles are leading hiring priorities, as the fight shifts from protocol design to operations and resilience against impersonation and social engineering.