September crypto hacks and scams wiped out $127m: PeckShield

The crypto market faced another wave of exploits last month, resulting in significant losses and highlighting ongoing security risks.
- In September 2025, the crypto industry lost over $127 million to hacks and scams.
- Around 20 major incidents were reported, including smart-contract exploits, protocol drains, and phishing attacks.
- The largest breaches targeted UXLINK and SwissBorg, accounting for the majority of the month’s stolen funds.
- September’s losses build on an already turbulent 2025, confirming that security risks remain high across the crypto industry.
A recent PeckShield report revealed that the crypto industry lost approximately $127.1 million to hacks and scams in September alone. The security firm identified around 20 major incidents that targeted various platforms and protocols within Web3 and DeFi.
The attacks spanned smart-contract exploits, protocol drains, and user-targeted phishing attacks, affecting both major platforms and smaller projects. While the total losses mark a 22% decrease from August’s $163 million, the overall impact remains significant.
UXLINK, SwissBorg hacks lead September losses
Among the largest breaches was the $44 million hack of Web3 social platform UXLINK on September 22. The attack exploited vulnerabilities in the protocol’s multi-signature wallet, allowing the attacker to mint billions of unauthorized tokens, which led to a dramatic drop in token value and liquidation into Ethereum and other assets.
SwissBorg’s $41.5 million loss marked the second largest, contributing heavily to the month’s total. The exploit stemmed from SwissBorg’s integration with staking provider Kiln. Hackers manipulated the API connection used by the Solana Earn program at the time, siphoning off about 192,600 SOL tokens.
Phishing attacks, which have been a major trend all year, also targeted Venus Protocol, leading to a $13.5 million loss that was later partially recovered.
Other notable cases included Yala, drained of $7.6 million, and GriffAI, which suffered $3 million in losses, highlighting continued vulnerabilities in cross-chain protocols and AI-integrated crypto projects. These top five incidents alone accounted for the majority of the month’s stolen funds.
Crypto losses continue to mount in 2025
September’s losses add to an already turbulent year for the industry. Earlier in July, security reports found that the first half of the year represented one of the worst stretches for Web3 security in recent years.
Some of the biggest incidents so far this year include the February Bybit $1.46 billion exploit and the Infini protocol hack in the same month, which saw $50 million stolen in a single transaction. Another major incident was July’s Nobitex exchange breach in Iran, where $90 million was lost in a politically motivated attack.
The continued exploits across protocols in recent months show that vulnerabilities remain across the broader industry, highlighting the need for stronger security measures.