Crypto exploits surged in August, rising 15% from July as centralized exchanges and decentralized finance platforms faced mounting vulnerabilities.
Summary
- August 2025 saw ~$163M lost in 16 exploits, up 15% from July.
- Major cases included a $91M BTC theft and BtcTurk’s $48M breach.
- PeckShield data shows 2025 losses could surpass $4B, with state actors involved.
Crypto security firm PeckShield reported on Sept. 1 that $163 million was lost to hacks and exploits in August 2025, a 15% jump from July’s $142 million. The tally came from around 16 incidents, with the bulk of losses concentrated in a handful of high-profile breaches.
Major crypto exploits drive losses
The most damaging case involved a long-time Bitcoin (BTC) holder who lost $91.4 million in stolen BTC. Turkey’s largest exchange BtcTurk was also hit again, suffering a $48–54 million breach on Aug.18 tied to compromised hot-wallet keys.
It marked the platform’s second major security failure in just over a year, following a $54 million theft in June 2024, bringing its cumulative losses above $100 million. PeckShield noted laundering patterns consistent with North Korea’s Lazarus Group.
Other incidents included ODIN•FUN ($7 million), BetterBank.io ($5 million), and CrediX Finance on the Sonic (S) blockchain ($4.5 million). The CrediX case demonstrated the growing prevalence of multi-layered attacks that trick signers into authorizing malicious transactions by exploiting access-control flaws and social engineering.
Compared to the 17 exploits in July, including a $44 million CoinDCX breach, August saw fewer but more concentrated losses across infrastructure and centralized exchanges.
Rising severity of 2025 exploits
According to PeckShield’s previously relmid-year analysis, 2025 attacks are becoming more destructive even though they are occurring less frequently. The average losses per exploit rose to $7.18 million in H1 2025, more than twice the average of $3.1 million in H1 2024.
Access control vulnerabilities, including private key theft and malicious approval schemes, accounted for more than 78% of H1 losses. Another 23% was added by social engineering attacks. Recovery rates are still low, with 7–8% of stolen assets recovered.
A significant portion of thefts were attributed to Lazarus and other state-affiliated organizations, frequently transferring money through mixers and cross-chain bridges in a matter of hours.
Analysts warn that the shift to human-targeted exploits, accelerated fund laundering, and geopolitical activity make recovery more challenging than before. To contain the trend, PeckShield and security companies advise multi-signature wallets, AI-powered anomaly detection, and industry-wide intelligence sharing.
