Crypto exploits surged 15% in August, hitting $163M

Crypto exploits surged in August, rising 15% from July as centralized exchanges and decentralized finance platforms faced mounting vulnerabilities.

Crypto security firm PeckShield reported on Sept. 1 that $163 million was lost to hacks and exploits in August 2025, a 15% jump from July’s $142 million. The tally came from around 16 incidents, with the bulk of losses concentrated in a handful of high-profile breaches.

Major crypto exploits drive losses

The most damaging case involved a long-time Bitcoin (BTC) holder who lost $91.4 million in stolen BTC. Turkey’s largest exchange BtcTurk was also hit again, suffering a $48–54 million breach on Aug.18 tied to compromised hot-wallet keys.

It marked the platform’s second major security failure in just over a year, following a $54 million theft in June 2024, bringing its cumulative losses above $100 million. PeckShield noted laundering patterns consistent with North Korea’s Lazarus Group.

Other incidents included ODIN•FUN ($7 million), BetterBank.io ($5 million), and CrediX Finance on the Sonic (S) blockchain ($4.5 million). The CrediX case demonstrated the growing prevalence of multi-layered attacks that trick signers into authorizing malicious transactions by exploiting access-control flaws and social engineering.

https://twitter.com/PeckShieldAlert/status/1962362569555157316?ref_src=twsrc%5Etfw” target=”_blank

Compared to the 17 exploits in July, including a $44 million CoinDCX breach, August saw fewer but more concentrated losses across infrastructure and centralized exchanges.

Rising severity of 2025 exploits

According to PeckShield’s previously relmid-year analysis, 2025 attacks are becoming more destructive even though they are occurring less frequently. The average losses per exploit rose to $7.18 million in H1 2025, more than twice the average of $3.1 million in H1 2024.

Access control vulnerabilities, including private key theft and malicious approval schemes, accounted for more than 78% of H1 losses. Another 23% was added by social engineering attacks. Recovery rates are still low, with 7–8% of stolen assets recovered.

A significant portion of thefts were attributed to Lazarus and other state-affiliated organizations, frequently transferring money through mixers and cross-chain bridges in a matter of hours. 

Analysts warn that the shift to human-targeted exploits, accelerated fund laundering, and geopolitical activity make recovery more challenging than before. To contain the trend, PeckShield and security companies advise multi-signature wallets, AI-powered anomaly detection, and industry-wide intelligence sharing.