According to the blockchain security firm PeckShield, crypto hacks dropped 22 percent in September to $127.06 million in total, down from $163 million in August, but with more than 20 major hacks still affecting the ecosystem. The decline is good for the squeezed crypto world; yet, hacks to DeFi or blockchain platforms still hold great damage for the industry.
One of the most expensive losses of the month was UXLINK, who lost $44.14 million when hackers minted trillions of tokens without permission through a multisig wallet exploit that sent their value down slightly more than 90 percent. SwissBorg saw $41.5 million lost on Solana through a compromised partner API, but they had previously compensated users upfront.
The other notable losses were due to density of hacks against other protocols, including the Venus $13.5 million phishing hack (much of the total was returned), as well numerous minor hacks against the likes of Yala, GriffAI, and others. This cycle will add to a total near $2 billion losses due to records of crypto hacks in 2025.
According to blockchain security startup PeckShield, cryptocurrency attacks resulted in $127.06 million damages in September 2025.
The amount is a 22% decline from August’s $163 million, although over 20 large exploits were still reported throughout the industry.
Losses fall but remain high, as UXLINK and SwissBorg hacks dominate September.
PeckShield published its results on X, highlighting the ongoing danger of large-scale assaults on decentralised finance (DeFi) and blockchain networks. While the dip from August’s total indicates a decrease in criminal activity, the aggregate statistic illustrates that hacking remains a big concern for the business.
#PeckShieldAlert September 2025 saw ~20 major crypto exploits, resulting in total losses of $127.06M.
This marks a -22% decrease from August’s $163M.In a positive development, ~$13M drained from a Venus user in a #phishing attack has been recovered.
Top 5 Hacks:
🔺 #UXLINK –… pic.twitter.com/ebUYM3Xwnh— PeckShieldAlert (@PeckShieldAlert) October 2, 2025
According to the statistics, the total for September was significantly concentrated in a few big occurrences, with UXLINK and SwissBorg accounting for over two-thirds of the damages.
UXLINK, a blockchain-based social networking site, experienced the month’s greatest hack, losing $44.14 million. Following the incident, in which the hacker exploited its multisig wallet to create approximately 10 trillion unauthorised tokens, UXLINK’s token dropped by more than 90%.
UXLINK was hacked!
The hacker received 490M $UXLINK and also minted 2B $UXLINK.
The hacker has sold a massive $UXLINK on DEXes through six wallets, obtaining 6,732 $ETH ($28.1M).
He also sold a large amount of $UXLINK on CEXes.
Address:… pic.twitter.com/i2XFO7u4ZU
— Lookonchain (@lookonchain) September 23, 2025
The attacker transferred assets to exchanges, however UXLINK said that numerous deposits had been stopped with exchange assistance and law authorities contacted. Blockchain startups PeckShield and Hacken discovered that the hacker continued to issue tokens, eventually trading about 9.95 trillion for just 16 ETH, or around $67K.
UXLINK responded by urging exchanges to cease trade, announcing a token swap scheme, and noting that the attacker lost 500 billion tokens in a phishing scam during the vulnerability.
Meanwhile, SwissBorg, a well-known financial management platform in the cryptocurrency market, received $41.5 million in Solana. This incident occurred after hackers accessed partner API provider Kiln, emptying around 192,600 SOL from its Earn program. With less than 1% of customers impacted, the site offered treasury cash as compensation, enlisted white-hat hackers, and emphasised that operations would be unaffected.
🇨🇭 SwissBorg hit by $41.5M $SOL hack after API compromise amid cascade of crypto security failures, including Nemo and Aqua exploits.#CryptoHack #Solanahttps://t.co/ztUl2s0yxv
— Cryptonews.com (@cryptonews) September 8, 2025
Along with the two main incidents, a phishing assault on a Venus user resulted in the theft of $13.5 million in assets. PeckShield stated that around $13 million of that sum was successfully recovered, making it one of the rare incidents in which stolen monies were restored to victims.
Additional September events included Yala’s $7.64 million loss and GriffAI’s $3 million breach. Smaller vulnerabilities caused Nono, Shibarium Bridge, Basset, New Gold Protocol, and SolidifyFund to lose between $1 million and $2.4 million.
PeckShield also tracked the transit of stolen cash, detecting transfers of hundreds of Ether between wallets. Individual fluxes varied from 443 to 800 ETH. It is unknown if these funds were channelled via mixers or other laundering services.
September crypto hacks hit $154 million, putting 2025 on track for record-breaking losses.
The September data maintain the pattern of high-value thefts in 2025, while the decline from August gives some short-term comfort. The losses placed September slightly behind August’s $163 million total but higher than July’s $142 million, indicating no apparent downturn in exploit activity.
More generally, billions of dollars were stolen from protocols in the first half of 2025, with Chainalysis predicting $2.17 billion from January to June and CertiK estimating $2.47 billion. Much of this statistic was distorted by February’s enormous Bybit attack, which alone resulted in around $1.5 billion in stolen assets.
👨🏻💻 August saw a surge in crypto-related scams, with a staggering $310 million lost to various exploits, making it the second-highest monthly total this year.#Scam #Hackhttps://t.co/ACGCNaBMLz
— Cryptonews.com (@cryptonews) September 2, 2024
Comparisons to previous years indicate the scope of the issue. The mid-year totals in 2025 have already eclipsed the $2.2 billion taken in all of 2024, putting this year on course to be one of the worst in crypto history for security breaches.
With three months remaining in the year, researchers warn that unless industry-wide defences improve, 2025 may surpass previous records established at the height of 2022’s DeFi escapades.
▾ ARTICLE SOURCES
We cite primary sources where possible and reputable publishers for context.
⚠️ Disclosure
