Introduction
Blockchain security firm PeckShield has revealed that September 2025 saw $127 million stolen across 20 major cryptocurrency exploits, representing a 22% decrease from August’s $163 million losses. Despite this monthly improvement, the digital asset sector continues to face significant security challenges, with UXLINK, SwissBorg, and Venus Protocol suffering nearly $100 million in combined breaches. The data underscores persistent vulnerabilities that continue to plague the industry even as overall theft numbers show temporary relief.
Key Points
- UXLINK suffered the largest single exploit at $44 million through multi-signature wallet manipulation and token supply inflation on Arbitrum
- SwissBorg lost $41.5 million due to a supply chain attack on Solana staking provider Kiln, where malicious code was hidden in unstaking requests
- Despite the monthly decline, 2025 has already seen over $3.1 billion stolen in H1, surpassing 2024's full-year total of $2.85 billion
Major September Exploits Reveal Persistent Security Gaps
UXLINK suffered the month’s largest single exploit at $44 million, beginning on September 22 when attackers manipulated the social Web3 project’s multi-signature wallet, stripping away admin controls and draining $11.3 million. The situation escalated when attackers minted billions of new UXLINK tokens on Arbitrum, nearly doubling the token supply and causing its price to plummet more than 70%. Despite intervention from exchanges including Upbit to freeze assets, most of the stolen funds remain in the attackers’ wallets, highlighting the challenges of recovering stolen cryptocurrency once it enters the broader ecosystem.
Swiss wealth management platform SwissBorg experienced a $41.5 million loss through a sophisticated supply chain attack. The breach occurred when Kiln, a trusted third-party Solana staking provider, was compromised. The attacker hid malicious instructions within what appeared to be normal unstaking requests, enabling them to take control of nearly 193,000 SOL. This incident demonstrates how vulnerabilities in third-party service providers can create critical security weaknesses even for platforms with robust internal security measures.
The Venus lending protocol fell victim to a $13 million phishing scam on September 2, in which an individual was tricked into joining a fake Zoom meeting. This allowed attackers to take control of the victim’s device and modify their wallet code. Venus Protocol responded swiftly by halting operations and forcibly closing the criminal’s positions to recover the stolen funds. This case illustrates how social engineering remains an effective attack vector despite technological security improvements.
Smaller Incidents Compound September's Security Woes
Beyond the three major breaches, PeckShield documented several other significant exploits throughout September. The Yala stablecoin protocol suffered a $7.6 million loss, while GriffAI experienced a $3 million theft in what security analysts described as a smaller but more targeted attack. These incidents, though receiving less attention than the massive UXLINK and SwissBorg exploits, demonstrate that security vulnerabilities affect projects of all sizes across the cryptocurrency ecosystem.
The diversity of attack methods employed in September reveals the multifaceted nature of crypto security threats. From multi-signature wallet manipulation at UXLINK and supply chain attacks affecting SwissBorg to social engineering schemes targeting Venus users, attackers continue to exploit both technical vulnerabilities and human factors. This pattern suggests that comprehensive security strategies must address both technological weaknesses and user education to effectively protect digital assets.
2025 Shapes Up as Record-Breaking Year for Crypto Crime
Despite September’s 22% decline in stolen funds compared to August, 2025 continues to track as one of the most damaging years for cryptocurrency security. Blockchain security firm Hacken reported in July that over $3.1 billion had been stolen in the first half of the year alone, already exceeding 2024’s full-year total of $2.85 billion. This alarming trend indicates that the temporary dip in September may represent merely a fluctuation rather than a fundamental improvement in ecosystem security.
The scale of losses in 2025 has been driven largely by massive access control failures, most notably the $1.5 billion Bybit incident in the first quarter. Security analysts have identified two worsening trends: attackers increasingly exploiting backdoors or privileged access points that security teams have overlooked, and users continuing to fall for sophisticated social-engineering traps. These patterns suggest that both technical security measures and user awareness require significant enhancement.
Industry experts warn that without substantial investment in hardened access controls, independent security audits, and comprehensive user education programs, September’s modest improvement may prove temporary. The persistent security challenges across platforms like UXLINK, SwissBorg, and Venus demonstrate that the cryptocurrency industry must address both technological vulnerabilities and human factors to achieve meaningful, lasting security improvements in what remains a record-breaking year for crypto crime.
