Bad actors and scammers stole at least $142 million from the crypto space in July across 17 separate attacks, with the exploit of crypto exchange CoinDCX accounting for the most significant loss.ย
The total monthly losses represented a 27% increase from the $111 million in June, blockchain security firm PeckShield said in an X post on Friday.ย ย
However, itโs still a 46% drop from the same time last year, when July 2024 saw $266 million taken by hackers, with the $230 million breach of Indian crypto exchange WazirX accounting for the lionโs share.
The attacker who exploited the GMX v1 decentralized exchange for $40 million in crypto on July 11 also returned the stolen funds days later, PeckShield said.
CoinDCX hack the biggest for Julyย
Indian cryptocurrency exchange CoinDCX was hacked on July 18 for $44 million, in what CEO Sumit Gupta said was โa sophisticated server breach.โ A CoinDCX employee was arrested on Thursday in connection with the security breach.
Only a few days earlier, on July 16, crypto exchange BigONE suffered a third-party attack targeting its hot wallet infrastructure, resulting in a loss of at least $27 million.
Rounding out the top three for July was crypto trading platform WOO X, which was compromised through a phishing attack on July 24, resulting in at least $14 million being taken.ย
WOO X team memberโs device accessedย
Rob Behnke, chairman of blockchain security firm Halborn, said in a report on Tuesday that bad actors responsible for the WOO X hack used social engineering to target one of the firmโs team members and access their devices.ย
โIn this case, the attacker used social engineering to compromise a team memberโs computer. From there, they could pivot to the development environment and exploit trust in the system to drain user accounts,โ he said.ย
โThe attacker successfully performed multiple malicious transactions over the course of two hours before the suspicious activity was noticed and the platform disabled withdrawals.โย
Funds were stolen on multiple chains, including Bitcoin (BTC), Ether (ETH), BNB (BNB), and Arbitrum (ARB).
The accounts impacted by the incident had their balances restored from the companyโs treasury.ย
Related: Crypto seed phrase, front-end hacks drive record losses in 2025: TRM Labs
Hackers targeting offchain systems
There has been a recent trend among hackers to target offchain systems for high-value hacks, according to Behnke.
โInstead of looking for exploitable smart contract vulnerabilities, which can be identified and addressed via smart contract security audits, attackers look for weaknesses in back end infrastructure and processes,โ he said.ย
โAs DeFi hackers grow more sophisticated and increasingly target back end systems and infrastructure, projects need to have strong security controls and processes in place to mitigate these threats.โ
Magazine: North Korea crypto hackers tap ChatGPT, Malaysia road money siphoned: Asia Express
