Crypto Losses Hit $155.9 Million in September as Hacks, Scams Surge

The crypto industry is facing increasing threats as hackers and scammers continue to target digital assets. Despite improvements in security measures, vulnerabilities remain, which leaves platforms and users at risk. 

September 2025 turned out to be one of the most damaging months this year. Here’s how. 

14 Major Crypto Incidents in September

Crypto security firm CertiK reported that in September, about $155.9 million was lost to exploits, with $26.4 million tied to phishing. There were 14 major crypto incidents (excluding phishing), each causing initial losses of over $1 million, the highest number of such incidents since March 2024. 

Where Did the Damage Come From?

Looking at categories, wallet compromises caused the most losses with $100.8 million stolen. Phishing accounted for $26.4 million, code vulnerabilities led to $12.2 million, exit scams made up $8.2 million, and price manipulation resulted in over $2 million in losses.

Breaking it down by platform, SocialFi projects suffered the most at $42.3 million. Exchanges followed closely with $41.6 million, while DeFi protocols lost $29.1 million. AI-related projects and bridge exploits were also hit, with $5.7 million and $3.08 million in losses respectively.

Biggest Crypto Exploits of the Month

The biggest exploit in September came from UXLINK, with losses exceeding $42.3 million, closely followed by SwissBorg at $41.4 million. 

Other notable incidents included:

• Bunni v2 ($8.4M)
• Yala ($7.8M)
• Acquabot ($4.6M)
• HyperVault Finance, Shibarium, GriffinAI, OlaXBT Terminal, and Nemo, with losses ranging between $2.5 million to $3.5 million.

In September, phishing scams accounted for $26.4 million in losses, down from the higher amounts reported in August and the peak in April.

Rising Cyber Threats in Crypto

CertiK had previously said that the crypto industry faces an “endless war” against hackers, reporting nearly $2.5 billion in digital asset thefts in the first half of 2025.

CertiK co-founder Ronghui Gu noted that as long as there are weak points or vulnerabilities, sooner or later they will be discovered by attackers. He also warned that next year’s hacks could reach billion-dollar levels, emphasizing that while defenses are improving, cybercriminals are also becoming more sophisticated.