The cryptocurrency industry faced another tough month in July, with hackers and scammers siphoning off at least $142 million across 17 separate incidents, according to blockchain security firm PeckShield. The sharp rise marks a 27% increase from the $111 million in losses recorded in June, though it's still well below the $266 million stolen during the same month last year.
#PeckShieldAlert In July 2025, ~17 major crypto hacks were recorded, resulting in total losses of $142M—a 27.2% increase (from $111.6M in June). Notably, the #GMX exploiter has returned ~$40.5M worth of cryptos, including 10K ETH and 10.5M $FRAX.#Top5 Hacks in July 2025:… pic.twitter.com/Y5VLUILq5Z
— PeckShieldAlert (@PeckShieldAlert) August 1, 2025
Leading the July figures was Indian crypto exchange CoinDCX, which lost an estimated $44 million in what CEO Sumit Gupta described as a “sophisticated server breach.” Indian authorities have since arrested a CoinDCX employee in connection with the attack, though further details remain under investigation.
Just two days earlier, on July 16, another exchange—BigONE—was targeted in a third-party breach that compromised its hot wallet infrastructure, resulting in a $27 million loss. On July 24, WOO X, a crypto trading platform, was hit with a $14 million exploit traced back to a phishing attack.
🚨 WOO X, a Taiwanese crypto trading platform, was hit by a $14 million hack in July 2025 😱
— Halborn (@HalbornSecurity) July 30, 2025
The attacker used a phishing attack on a team member to access the platform's development environment and make malicious withdrawal requests 💸
📰 Read more 👇
According to Rob Behnke, chairman of blockchain security firm Halborn, the WOO X attack began with social engineering—a tactic where attackers trick a team member into compromising their own system. Once the attacker gained access to the employee's device, they infiltrated the development environment and executed multiple fraudulent transactions over two hours before being detected. WOO X has since restored affected balances using funds from its treasury.
Rob Behnke
PeckShield noted that the attacker behind the $40 million July 11 exploit of GMX v1, a decentralized exchange, returned the stolen funds just days after the incident—an uncommon but not unheard-of outcome in DeFi-related breaches.
Despite the monthly increase, the overall trend remains less severe than last year, largely due to the absence of a single, massive exploit like the $230 million WazirX breach seen in July 2024.
Security experts are sounding the alarm about a shift in hacker strategy. Rather than targeting vulnerabilities in smart contracts—which are more easily audited and patched—attackers are increasingly going after offchain systems, such as internal infrastructure and development tools.
“As DeFi hackers grow more sophisticated and increasingly target backend systems and infrastructure, projects need to implement stronger security controls and tighter internal processes,” Behnke said.
July’s crypto hacks serve as a stark reminder that the digital asset industry remains in the crosshairs of increasingly sophisticated attackers. With backend systems emerging as prime targets, platforms must look beyond smart contract audits and focus on comprehensive cybersecurity strategies to stay ahead of evolving threats.
