In a month that saw a slight dip in the total losses from cryptocurrency-related attacks, September still recorded substantial financial damage with $127 million lost to hackers. While the total losses have decreased compared to previous months, the number of incidents remains high, underscoring persistent vulnerabilities, particularly among Real-World Asset (RWA) projects and Decentralized Finance (DeFi) platforms.
The Persistent Threat of Crypto Hacks
Cryptocurrency hacks are nothing new, but the tactics and targets are evolving. As September’s figures reveal, hackers are increasingly focusing on platforms that bridge the gap between digital and physical assets, such as RWAs, as well as DeFi projects, which have surged in popularity over the past few years. These platforms offer lucrative opportunities for bad actors because of their often complex and sometimes under-secured nature.
Despite the decrease in total losses from previous months, the sheer number of incidents indicates that the threat environment remains robust. Cybersecurity experts warn that as long as there are valuable assets to be stolen, hackers will continue to innovate and find new ways to exploit weaknesses.
RWAs and DeFi: High-Value Targets
Real-World Asset projects, which tokenize physical assets like real estate or commodities, have become particularly attractive targets. These projects allow investors to access traditionally illiquid markets, but they also bring the complexities—and potential vulnerabilities—of the physical world into the digital realm. In September, several high-profile RWA projects were targeted by sophisticated schemes, resulting in significant financial losses.
Similarly, DeFi platforms, which offer decentralized financial services like lending and borrowing without intermediaries, have been repeatedly hit. The decentralized nature of these platforms, while providing numerous benefits, also means that they often lack the centralized oversight that might catch vulnerabilities before they’re exploited. In September, a series of attacks highlighted security gaps in smart contracts and governance mechanisms, areas that are notoriously difficult to secure.
Learning From the Past
The cryptocurrency community has been learning a lot from past incidents, and efforts to enhance security are ongoing. Many platforms are now investing heavily in third-party audits and bug bounty programs to find and fix vulnerabilities before they can be exploited. These measures have been somewhat effective, as evidenced by the reduction in total losses, but they are not foolproof.
Moreover, the industry is seeing a push towards better regulation and standardization. Governments and regulatory bodies worldwide are increasingly stepping in to provide guidelines and frameworks aimed at improving security and protecting investors. However, the decentralized and global nature of cryptocurrencies means that such efforts can be slow and challenging to implement uniformly.
The Human Factor
One often-overlooked aspect of these hacks is the human factor. Many successful attacks are not purely technological but also involve social engineering tactics. Hackers exploit trust and manipulate individuals into revealing sensitive information or performing actions that compromise security. Education and awareness among users and developers are crucial in combating these types of attacks.
Crypto exchanges and platforms are increasingly recognizing the importance of user education. Initiatives to teach users about the risks and best practices for safeguarding their assets have been launched, but there’s still a long way to go in ensuring that every participant in the crypto ecosystem is adequately informed.
Looking Ahead
As we move forward, the focus on security within the cryptocurrency space will continue to grow. With $127 million lost in September alone, the stakes are higher than ever. The community must remain vigilant, adopting new technologies and strategies to stay ahead of increasingly sophisticated attackers.
Investors and developers alike are encouraged to prioritize security at every level, from the individual user to the platform architecture. By learning from past incidents and continuing to innovate in security practices, the cryptocurrency industry can hope to reduce the frequency and impact of these damaging attacks.
While the road ahead is fraught with challenges, the resilience of the crypto community is undeniable. As the industry evolves, so too will the measures to protect it, ensuring that the promise of decentralized finance and digital assets can be realized safely and securely.
Steve Gregory is a lawyer in the United States who specializes in licensing for cryptocurrency companies and products. Steve began his career as an attorney in 2015 but made the switch to working in cryptocurrency full time shortly after joining the original team at Gemini Trust Company, an early cryptocurrency exchange based in New York City. Steve then joined CEX.io and was able to launch their regulated US-based cryptocurrency. Steve then went on to become the CEO at currency.com when he ran for four years and was able to lead currency.com to being fully acquired in 2025.
