Funds lost to attacks reduced by 22% last month to $127M, but 2025 is still shaping up as one of the most damaging years for Web3 security.
Blockchain security firm PeckShield has revealed that there were about 20 major crypto exploits in September 2025 that cost users and projects $127 million.
While the total is down 22% from the $163 million that was stolen in August, it still shows how much hackers are hurting the digital asset sector.
UXLINK, SwissBorg, and Venus Lead September’s Biggest Losses
In an October 2 post on X, PeckShield flagged UXLINK’s $44 million exploit as last month’s largest. The social Web3 project was first hit on September 22 when bad actors manipulated its multi-signature wallet, stripping away admin controls and draining $11.3 million.
Soon after, attackers minted billions of new UXLINK tokens on Arbitrum, nearly doubling the supply and sending the token’s price down more than 70%. Despite efforts by exchanges such as Upbit to freeze assets, most of the stolen funds remain in the attackers’ wallets.
Elsewhere, Swiss wealth management platform SwissBorg lost about $41.5 million. The breach happened because Kiln, a trusted third party that handles Solana (SOL) staking, was attacked in the supply chain. The hacker was able to take control of almost 193,000 SOL by hiding malicious instructions inside what looked like a normal unstaking request.
A phishing scam also shook the Venus lending platform on September 2. In that incident, a victim lost about $13 million after being tricked into a fake Zoom meeting, which let attackers take over their device and change their wallet code. Venus quickly stopped operations and then forcibly closed the criminal’s positions to get the stolen money back.
Other exploits listed by Peckshield included an incident on the Yala stablecoin protocol that led to the loss of $7.6 million, and GriffAI, which lost $3 million in a smaller but more targeted attack.
You may also like:
A Year of Heavy Losses Despite Recent Decline
Even with September’s dip, 2025 has already shaped up as one of the most damaging years for crypto security. Hacken, a blockchain security firm, said in July that over $3.1 billion had been stolen in the first half of the year alone, which is more than the full-year total of $2.85 billion in 2024. A lot of this was due to large-scale access control failures, like the $1.5 billion Bybit incident in the first quarter.
The pattern shows that two things are getting worse: attackers are using backdoors or privileged access points that have been missed by security teams, and users are still falling for social-engineering traps. Analysts have noted that unless platforms invest more heavily in hardened access control, independent audits, and user education, September’s dip may prove temporary in what remains a record-breaking year for crypto crime.
Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and receive $600 exclusive welcome offer on Binance (full details).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a $500 FREE position on any coin!
