In October, several high-profile crypto security breaches contributed to industry-wide losses totaling nearly $130 million.
Among the significant incidents, a crypto user reportedly lost 15,079 fwDETH, equivalent to about $36 million, after falling victim to a phishing attack on October 11. Meanwhile, crypto exchange M2 disclosed a $13.7 million hack, with attackers draining its hot wallets of assets including Bitcoin, Ethereum, and Solana. M2 assured users that the issue was resolved, and funds were fully restored.
October saw a surge in crypto losses, primarily from exit scams, flash loan exploits, and other security breaches, as documented by blockchain security firm CertiK. The largest losses stemmed from protocol exploits, amounting to $127 million. Radiant Capital, a lending platform, suffered the month’s biggest hit with an exploit resulting in a loss of over $50 million.
Following the attack, Radiant temporarily suspended its BNB Chain and Arbitrum markets, later revealing that the breach was due to a malware attack that compromised the devices of several core developers.
To enhance security, Radiant has since restructured its protocol ownership under a timelock contract, requiring a 72-hour delay on all changes. Although October’s losses represented a slight month-over-month increase, they marked a substantial decline from May’s peak losses of $324.7 million.
The U.S. Department of Justice has sentenced Dwayne Golden, 57, of Pennsylvania to 97 months in prison for orchestrating a fraudulent crypto investment scheme that stole over $40 million from investors.
The first half of 2025 has become the most damaging six-month period in crypto history, with over $2.1 billion stolen across 75+ separate incidents, according to new data.
A new breed of cyber-attack is sweeping through crypto media, exploiting site pop-ups and wallet-connect prompts instead of smart-contract bugs.
CoinMarketCap, one of the most widely used crypto data tracking platforms, is reportedly facing a front-end security breach, with multiple users encountering a suspicious prompt to verify their wallets.