Sign in Subscribe
News

August 2025 Web3 Hacks: $82.89M Lost in 9 Major Attacks

August 2025 Web3 Hacks: $82.89M Lost in 9 Major Attacks

Source: SlowMist Monthly Security Report: August Estimated Losses at $82.89 Million

August 2025 was a costly month for Web3 security, with combined estimated losses nearing $82.89 million. This includes both direct hacks and widespread phishing scams targeting the ecosystem.

Key Figures & Incident Breakdown

  • Total incidents: 9 major hacks recorded in August, accounting for roughly $70.73 million in stolen funds.
  • Recovery efforts: About $6.3 million has been frozen or recovered so far.
  • Phishing impact: Scam Sniffer reported 15,230 victims of phishing schemes, with losses exceeding $12.16 million.

Common causes involve smart contract flaws, exit scams, and compromised accounts.

Major Security Breaches

BtcTurk - $54M Lost

On August 14, Turkish crypto exchange BtcTurk suffered a severe attack, losing around $54 million. This is their second major hack following a $90 million breach in June 2024. The exchange detected “abnormal activity” in its hot wallets and paused deposits and withdrawals, but detailed incident specifics remain undisclosed.

Source: BtcTurk's official statement

ODIN.FUN - $7M in BTC Exploited

Bitcoin meme coin platform ODIN.FUN was exploited on August 12. Attackers manipulated token prices and withdrew about 58.2 BTC (~$7 million) based on inflated valuations. The co-founder later announced recovery of over 30 BTC, with ongoing efforts to retrieve more.

Source: ODIN.FUN co-founder update

BetterBank - $5M Loss

PulseChain DeFi project BetterBank was hit on August 27 via a contract vulnerability, allowing the attacker to mint arbitrary tokens and swap them for ETH. Approximately $2.7 million in stolen assets were returned afterward.

Source: BetterBank report

Credix - $4.5M Incident with Exit Scam Concerns

Credix, a decentralized lending platform, lost $4.5 million on August 4 after an attacker gained admin access, minted tokens, and drained liquidity pools. Credix claimed a settlement was reached with funds to be returned, but the team vanished shortly after deleting social channels. This raises suspicion of an orchestrated exit scam, with no compensation materialized yet.

Insights & Recommendations

  • Hot wallets on centralized exchanges remain prime targets, often leading to large-scale losses.
  • Persistent DeFi vulnerabilities include price manipulation and unchecked token minting.
  • Disappearances of project teams post-incident suggest some “hacks” may be planned exit scams.
  • Asset recovery is challenging. Partial recoveries are rare and limited in value.
  • Prevention is critical. Projects must maintain continuous security audits and implement strict wallet controls.
  • Users should stay informed and cautious of evolving scam techniques, leveraging anti-phishing resources.

Overall, heightened security vigilance at protocol and user levels remains essential to protect Web3’s growing ecosystem.

Read next