Digital asset hack losses fall, but attack frequency stays high

Getting your Trinity Audio player ready...

Total funds lost to digital asset hacks and exploits fell by almost 37% in the third quarter (Q3) of 2025, despite the number of incidents remaining high, with September recording the most million-dollar-plus incidents yet. Meanwhile, wallet compromises appear to be a particularly fruitful attack vector.

According to new data from blockchain security firm CertiK, digital asset losses due to hacks dropped from $801 million in Q2 to $509 million in Q3, a 37% decline.

Based on the previous report from CertiK, this represents the continuation of a positive trend, as the just over $801 million lost to hacks across 144 incidents in Q2 marked a roughly 52.1% decrease in value lost compared to the previous quarter, which saw $1.7 billion lost. Based on this, the further drop in Q3 represents a roughly 70% reduction in losses due to hacks since Q1.

This seemingly improving state of affairs appears to belie the overall number of losses in 2025, especially in recent months. Specifically, by Q2 2025, losses already stood at $2.29 billion, surpassing the $1.98 billion in net losses recorded for the whole of 2024; add to this that September saw 16 incidents of over $1 million losses, the highest monthly number of million-dollar-plus incidents recorded to date.

However, CertiK also noted in its Q2 report that while the headline numbers suggest a deteriorating security landscape, it is important to remember that just two incidents account for approximately $1.78 billion of this year’s losses: Bybit and Cetus Protocol.

In the February Bybit hack, North Korean attackers supposedly accessed the exchange’s cold wallet and stole $1.5 billion worth of ETH. At the time, security researchers from Elliptic described it as “almost certainly the single largest known theft of any kind in all time.”

Wallet concerns remain

In less positive news, while hacks may be down, CertiK’s data showed that phishing attacks and wallet compromise remain a problem area.

Phishing, a type of scam that involves tricking victims into giving up their private keys or personal information, accounted for the highest number of security incidents so far this year, with 132 security incidents and $410 million stolen, according to the Cointelegraph report.

Meanwhile, wallet compromises were the costliest attack vector in the first half of 2025, with over $1.7 billion stolen across 34 incidents, according to CertiK. Although, again, $1.5 billion of this can be accounted for by Bybit.

Watch: Digital Asset Recovery takes token recovery seriously