Crypto Exploits Hit Record High in September 2025

This article was prepared using automated systems that process publicly available information. It may contain inaccuracies or omissions and is provided for informational purposes only. Nothing herein constitutes financial, investment, legal, or tax advice.

Introduction

September 2025 marked a historic month for cryptocurrency exploits, with security firm CertiK reporting a record 16 separate million-dollar incidents. While code vulnerability losses declined sharply, centralized exchanges bore the brunt of attacks with $182 million in losses during Q3, highlighting the persistent security challenges facing the digital asset ecosystem despite some technical improvements.

Key Points

  • 16 separate crypto exploits in September 2025 each caused over $1 million in losses, setting a monthly record
  • Losses from code vulnerabilities dropped dramatically from $272M in Q2 to $78M in Q3, showing security improvements
  • Centralized exchanges accounted for the largest share of Q3 losses at $182M, while DeFi protocols lost $86M including a major GMX exploit

September's Unprecedented Exploit Surge

Blockchain security firm CertiK has identified September 2025 as a record-breaking month for cryptocurrency exploits, with 16 separate incidents each causing at least $1 million in losses. This figure represents the highest monthly count of million-dollar security incidents since CertiK began tracking on-chain security events, underscoring the persistent vulnerability of the digital asset ecosystem. The alarming statistic excludes phishing scams, focusing instead on major hacks, protocol-level breaches, rug pulls, and smart contract vulnerabilities that directly target core infrastructure.

The September surge in crypto hacks pulled the 2025 year-to-date average of million-dollar security incidents to nearly six per month. Despite this recent spike, the current average remains below the more than eight incidents per month recorded during the past two years. This mixed picture suggests that while security challenges persist, the industry may be making some progress in containing the frequency of major breaches over the longer term.

Q3 Loss Distribution and Security Improvements

The third quarter of 2025 presented a complex security landscape with notable improvements in some areas alongside persistent challenges in others. Losses from code vulnerabilities saw a dramatic decline, dropping from $272 million in Q2 to $78 million in Q3, representing a 71% reduction. This significant improvement suggests that enhanced smart contract auditing and security practices may be yielding tangible results in protecting against technical vulnerabilities.

Centralized exchanges witnessed the largest share of losses in Q3, suffering a staggering $182 million in exploits. Meanwhile, DeFi protocols lost $86 million during the same period, including a notable $40 million exploit at GMX v1. The GMX incident demonstrated a positive development in the ecosystem, as the funds were later repaid following a bounty agreement, showing that some protocols are establishing effective recovery mechanisms for major security breaches.

The same timeframe also witnessed phishing-related losses declining, indicating that user education and security awareness campaigns may be having an impact. However, the concentration of losses in centralized exchanges highlights ongoing security weaknesses in traditional crypto infrastructure, despite the technical improvements seen in decentralized protocols.

Broader Industry Context and Emerging Trends

The September exploit surge occurs against a backdrop of concerning industry-wide trends. According to a July report by Chainalysis, crypto thieves plundered an unprecedented $2.17 billion in digital assets during the first six months of 2025, already surpassing 2024’s full-year tally. This alarming acceleration in total stolen value indicates that while the frequency of incidents may be moderating year-over-year, the scale of individual exploits is growing substantially.

Chainalysis also identified evolving tactics among crypto criminals, noting that hackers in 2025 have spent, on average, 14.5 times the typical on-chain transaction fee to move funds quickly through mixers, privacy chains, and cross-chain bridges. This represents a major surge from 2.6 times in 2021, indicating that attackers are increasingly willing to pay premium costs to obscure fund movements and evade tracking, presenting new challenges for security firms and law enforcement.

The security landscape is further complicated by regulatory developments and industry responses. Companies like Coinbase are navigating complex regulatory environments, as evidenced by their legal actions and staking services, while jurisdictions like Colombia are implementing new transaction reporting requirements. These developments reflect the growing maturity of the crypto ecosystem but also highlight the ongoing tension between innovation, security, and regulatory compliance.
