Crypto hacks caused $127 million in losses in September, led by UXLINK and SwissBorg breaches. Could this year be one of the worst ever?
September saw crypto hacks cause $127 million in losses, according to blockchain security firm PeckShield.
The figure represents a 22% decline from August’s $163 million, but the month’s events show that hacks and scams are still some of the biggest risks to the sector.
September crypto hacks and $127M in losses
The month recorded around 20 major exploits affecting platforms, protocols and individual users.
While the lower figure compared to August indicates some slowing of hacker activity, experts are warning that the threat continues to be a serious one.
#PeckShieldAlert September 2025 saw ~20 major crypto exploits, resulting in total losses of $127.06M.
This marks a -22% decrease from August’s $163M.In a positive development, ~$13M drained from a Venus user in a #phishing attack has been recovered.
Top 5 Hacks:
🔺 #UXLINK –… pic.twitter.com/ebUYM3Xwnh— PeckShieldAlert (@PeckShieldAlert) October 2, 2025
PeckShield reported that September’s losses were highly concentrated.
UXLINK and SwissBorg accounted for almost two-thirds of the stolen funds, and did much to show how vulnerable large platforms can be, despite ongoing security efforts.
UXLINK and SwissBorg Hacks dominate September losses
The biggest single incident involved the Web3 social networking platform, UXLINK.
On September 22, attackers breached its multisignature wallet to mint nearly 10 trillion unauthorised tokens. The exploit triggered a drop in UXLINK’s token price, wiping out more than 90% of its market value.
Urgent Security Notice
We have identified a security breach involving our multi-signature wallet, resulting in a significant amount of cryptocurrency being illicitly transferred to both CEXs and DEXs.
Our team is working around the clock with both internal and external security…
— UXLINK (@UXLINKofficial) September 22, 2025
The attacker later swapped most of the illicit tokens, converting them into just 16 ETH, worth about $67,000, as exchanges froze many deposits.
Surprisingly, the hacker reportedly lost 500 billion tokens in a phishing attack while carrying out the exploit.
Crypto wealth management platform, SwissBorg, was the second-largest target as hackers broke into Kiln, a third-party API provider integrated into SwissBorg’s Solana Earn program.
The attack siphoned about 192,600 SOL, worth around $41.5 million, from user accounts. SwissBorg pointed out that the hack affected less than 1% of users and promised to compensate losses from its treasury.
Phishing attacks and smaller exploits add to losses
A phishing scam targeting a Venus Protocol user resulted in a $13.5 million loss. Fortunately, about $13 million of that amount has since been recovered. This makes it one of the few cases where stolen funds were returned.
Other incidents included Yala, which lost $7.64 million and GriffAI, which was drained of $3 million.
Smaller exploits hit platforms like Nono, Shibarium Bridge, Basset, New Gold Protocol and SolidifyFund, with each losing between $1 million and $2.4 million.
Crypto losses continue to mount
Despite the decline in September, the crypto industry continues to be on track for one of its worst years for security hacks.
According to Chainalysis, hackers stole $2.17 billion in the first half of the year, with CertiK reporting an even higher estimate of $2.47 billion.
The February Bybit exploit alone accounted for around $1.5 billion in stolen funds. Other major incidents this year included the Infini protocol hack, which took $50 million in a single transaction, and the July breach of Iran’s Nobitex exchange that cost $90 million.
PeckShield noted that September’s total was lower than August’s $163 million but higher than July’s $142 million.
This indicates that there is no clear downward trend in exploit activity.
#September #Crypto #Hacks #Drop #127M #Major #Exploits #Persist
