Crypto Hackers Nabbed $409M in Q3: Immunefi
The figure is 40% less than in third-quarter 2023.
- $409 million stolen in the third quarter, 40% less than in the year-earlier period.
- The majority of stolen funds can be attributed to the hacks of WazirX and BingX, with $235 million and $52 million being stolen respectively.
- DeFi remains an unparalleled opportunity for blackhat hackers, Immunefi said.
Hackers stole $409 million worth of cryptocurrency in the third quarter, and an additional $3 million was lost to fraud, according to a report by Immunefi.
The figure is 40% less than in third-quarter 2023, the bug bounty platform said.
The amount of capital locked on decentralized finance (DeFi) protocols represents an "unparalleled and attractive opportunity for blackhat hackers," Immunefi said. There is currently $87.2 billion in total value locked (TVL) across DeFi, according to DefiLlama.
Most the quarter's losses came from hacks of crypto exchanges, with India's WazirX losing $235 million and Singapore's BingX $52 million. The report said 32 other hacks accounted for 32% of total losses.
"We're seeing a higher number of incidents targeting DeFi, while CeFi experiences fewer incidents but often with more severe consequences, with hundreds of millions in stolen funds in a single exploit," said Mitchell Amador, founder and CEO of ImmuneFi.
"In CeFi, the biggest infrastructural issue is private key management, which is essential to maintaining the self-custody of crypto assets but is not typically subject to security audits. It requires rigorous key management policies, practices, and emergency plans."
WazirX lost funds after hackers compromised the exchange's private keys. The exchange halted withdrawals and froze trading on July 18, and is now seeking a moratorium from Singapore's courts to give it time to restructure.
The Ethereum blockchain was the most common target for hackers, with 15 incidents of theft reported compared with eight on BNB Chain and two on Base.
There were also two incidents of funds being recovered after being stolen. Ronin Network recouped $10 million from a $12 million hack and ShezmuTech clawed back all $4.9 million that was taken.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Surf Raises $15M to Build AI Model Tailored to Crypto Research
Pantera Capital led the round, with Coinbase Ventures and Digital Currency Group also participating.
What to know:
- Surf raised $15 million to develop "Surf 2.0" and launch an enterprise product aimed at institutional users.
- The firm said it has generated more than 1 million research reports since July and is seeing 50% month-over-month growth.
