The crypto industry suffered fresh security setbacks in September, with hackers and scammers siphoning off roughly $127.1 million, according to a new report from blockchain security firm PeckShield.
#PeckShieldAlert September 2025 saw ~20 major crypto exploits, resulting in total losses of $127.06M.
— PeckShieldAlert (@PeckShieldAlert) October 2, 2025
This marks a -22% decrease from August's $163M.
In a positive development, ~$13M drained from a Venus user in a #phishing attack has been recovered.
Top 5 Hacks:
🔺 #UXLINK –… pic.twitter.com/ebUYM3Xwnh
The month saw around 20 major security incidents targeting Web3 and decentralized finance (DeFi) platforms. Losses stemmed from a mix of smart contract vulnerabilities, protocol drains, and phishing attacks, hitting both well-established platforms and smaller projects.
Although September’s figure represents a 22% drop from August’s $163 million in losses, the overall damage underscores how deeply security risks remain embedded in the crypto ecosystem.
UXLINK and SwissBorg Among Largest Victims
Two of the most damaging exploits accounted for the majority of losses. Web3 social platform UXLINK was hit hardest, losing $44 million after an attacker exploited its multi-signature wallet to mint billions of unauthorized tokens. The incident triggered a sharp crash in token value before the assets were converted into Ethereum and other cryptocurrencies.
SwissBorg followed closely with a $41.5 million loss, linked to its integration with staking provider Kiln. Attackers exploited an API connection in SwissBorg’s Solana Earn program, draining nearly 193,000 SOL tokens.
Phishing scams also proved costly. Venus Protocol fell victim to one such attack, losing $13.5 million—though part of that amount was later recovered. Other notable breaches included Yala ($7.6 million) and GriffAI ($3 million), highlighting ongoing weaknesses in cross-chain and AI-powered crypto platforms.
#PeckShieldAlert September 2025 saw ~20 major crypto exploits, resulting in total losses of $127.06M.
— PeckShieldAlert (@PeckShieldAlert) October 2, 2025
This marks a -22% decrease from August's $163M.
In a positive development, ~$13M drained from a Venus user in a #phishing attack has been recovered.
Top 5 Hacks:
🔺 #UXLINK –… pic.twitter.com/ebUYM3Xwnh
Together, these top five incidents accounted for most of September’s stolen funds.
A Year of Mounting Crypto Losses
September’s figures add to what has already been a turbulent year for Web3 security. Earlier reports flagged 2025 as one of the most challenging periods yet for DeFi and crypto platforms.
Major incidents this year include the Bybit exploit in February, which resulted in a staggering $1.46 billion loss, and the Infini protocol hack, where $50 million was stolen in a single transaction. In July, Iran-based exchange Nobitex lost $90 million in what was widely reported as a politically motivated breach.
Security Remains an Unfinished Battle
Despite incremental improvements and increased awareness, crypto platforms remain frequent targets of sophisticated attacks. The continued wave of exploits in recent months suggests that protocol-level vulnerabilities, third-party integrations, and phishing campaigns are still major weak points across the industry.
