Hackers didn’t take a summer break. While crypto volumes ripped to all-time highs, August quietly leaked $163M across just 16 exploits — up 15% from July. The biggest surprise? The largest hit wasn’t an exchange at all but a veteran Bitcoiner socially engineered out of $91.4M. Here’s what actually failed, how attackers moved the money, and what traders can do today to reduce exposure without sacrificing upside.

August’s Damage Report

PeckShield tracked roughly $163M lost in August 2025, across 16 incidents. That brings first-half 2025 hacks to $2.3B+, underscoring a persistent uptrend in crypto security risk even as liquidity and institutional flows surge.

Who Was Hit — and How

• Individual BTC holder: $91.4M drained via social engineering/key theft.
• BTCTurk (CEX): ~$50M via compromised hot-wallet keys (2nd major breach after 2024’s $55M).
• ODIN.fun (BTC memecoin launchpad): ~$7M from AMM logic manipulation.
• BetterBank.io (PulseChain lending): ~$5M by gaming a reward-minting mechanism using fake liquidity pools.
• CrediX Finance (Sonic DeFi): ~$4.5M from a multi-sig exploit; funds bridged to Ethereum to obfuscate flows.

Investigators observed attackers using mixers and cross-chain bridges to launder funds within hours — patterns consistent with past state-linked campaigns.

Why This Matters to Traders

- The risk isn’t just platform-level; individual wallet hygiene is now a frontline. A single slip can dwarf exchange losses. - CEX hot wallets remain targets. Even reputable platforms can pause withdrawals at the worst moment for your trade. - DeFi launchpads and new chains carry smart-contract risk — and when funds bridge quickly, recovery odds drop.

Actionable Moves (Do These Now)

• Segment custody: Keep trading float on exchanges; move reserves to hardware or multi-sig. Enable withdrawal whitelists and use a hardware security key for account access.
• Harden personal ops: Never sign blind; verify domain and contract. Use address-book sends, beware address poisoning, and periodically revoke approvals on active wallets.
• DeFi risk filters: Prioritize protocols with audits, bug bounties, real TVL, and timelocked upgrades. Cap per-protocol exposure and use isolated margin.
• Trade around hacks: Expect short-term liquidity shocks when hacker wallets move. Use alerts on large transfers from known exploit addresses and avoid chasing first move.
• Bridge safely: Prefer reputable bridges, test with small amounts, and avoid bridging during active incident windows.

Market Context: Liquidity Up, Threats Up

Despite the breaches, DEXs processed about $1.15T in August (perps ~$648.6B), while Bitcoin hovered near $108K after an early-month spike toward $124K. ETF flows stayed firm — BTC ETFs absorbed ~3,000 BTC in early September, with Solana and XRP ETFs seeing $177M and $134M August inflows. Rising prices tend to embolden attackers; expect more attempts when volatility and liquidity are high.

Note on memecoins: Launchpads like ODIN.fun highlight that memecoins are highly speculative. Treat them as risky, short-horizon trades, not investments.

Bottom Line

Exploit risk is cyclical and currently rising. Tighten custody, reduce single-point failures, and size positions by counterparty risk as much as price outlook. Institutions are pushing for mandatory multi-sig, deeper audits, and regular red-team testing — traders should mirror that discipline at the wallet and protocol level.

If you don't want to miss any crypto news, follow my account on X.