Crypto Hacks Surge in August, $173M Lost in Exploits: CertiK

Crypto hacks continued their upward trend in August, with approximately $173.2 million in total lost across exploits, up over 13% from July, according to security analytics firm CertiK.

Phishing attacks alone accounted for roughly $101 million of the total, CertiK revealed earlier this week on X, formerly Twitter. A phishing attack refers to a type of social engineering scam when attackers impersonate trusted entities — often with disguised links or fake websites — to trick victims into revealing sensitive information, such as login credentials, credit card numbers, or other personal data.

The largest incidents in August included a $91 million phishing scam and the $53 million BTC Turk exploit, which together represented around $144 million of the month’s total losses. By comparison, the month of July saw $153 million lost to hacks, while June’s total was around $111 million, showing a steady growth in monthly crypto thefts this summer.

These figures reflect a concerning trend for the digital asset community, as attackers increasingly target both exchanges and individual users. The data suggests that while security measures have grown more sophisticated in some areas, basic attacks like phishing remain a threat.

“This year alone, blockchain-based finance is on track to lose $4.5–5 billion to hacks, about 4% of all [digital] assets, and that’s before trillions in traditional assets start moving on-chain,” Mitchell Amador, CEO of Immunefi, told The Defiant in an email. “Social engineering in crypto is the most lucrative place in the history of mankind to do this kind of work.”

Amador explained that this is the case because of large, organized groups running what he called “criminal tech startups,” whose only goal is to steal money.

H1 Findings

According to a separate report by CertiK from June 30, a total of $2.47 billion was lost across 344 incidents in the first half of the year (H1). Wallet compromises accounted for the most losses, totalling roughly $1.71 billion across 34 incidents, while phishing was the most frequent, responsible for $410.7 million over 132 attacks.

Ethereum suffered both in number and value of incidents, with 175 hacks, scams, and exploits on the second largest blockchain totaling $1.63 billion in losses. The total value of funds recovered reached $187.3 million, leaving adjusted losses of $2.29 billion for H1 2025. Still, it’s worth noting that Q2 recorded a 52% drop in losses compared with Q1.

In August, a single crypto user lost over $3 million in USDT after unknowingly giving malicious actors access to their wallet, in what appeared to be a phishing scam involving a fake version of lending protocol Aave.