SlowMist Monthly Security Report: August Estimated Losses at $82.89 Million
Overview
In August 2025, Web3 security incidents resulted in an estimated $82.89 million in total losses. According to the SlowMist Hacked Archive, there were 9 hacking incidents during the month, causing losses of approximately $70.73 million, with about $6.3 million frozen or recovered. The causes included smart contract vulnerabilities, project exit scams, and account compromises.
In addition, according to the Web3 anti-scam platform Scam Sniffer, 15,230 victims fell prey to phishing attacks in August, with losses totaling $12.16 million.
Major Security Incidents
BtcTurk
On August 14, 2025, Turkish cryptocurrency exchange BtcTurk reportedly suffered another attack, resulting in losses of approximately $54 million. This was the second major incident in just over a year, following a $90 million hack on June 22, 2024.
In its official statement, BtcTurk acknowledged “abnormal activity” in its hot wallets and suspended deposits and withdrawals, but did not disclose further details regarding the scale or technical specifics of the attack.
ODIN.FUN
On August 12, 2025, the Bitcoin-based meme coin issuance platform ODIN.FUN was exploited, leading to losses of 58.2 BTC (around $7 million). The attacker allegedly manipulated the prices of multiple tokens and withdrew BTC based on the inflated valuations.
On August 17, ODIN.FUN co-founder Bob Bodily reported that over 30 BTC had been recovered, with additional funds still in the process of being retrieved.
BetterBank
On August 27, 2025, the PulseChain-based DeFi project BetterBank was exploited, with losses of around $5 million. The attacker leveraged a contract vulnerability to mint arbitrary tokens, some of which were swapped for ETH.
Subsequently, the attacker returned approximately 550 million pDAI (around $2.7 million) worth of stolen assets.
Credix
On August 4, 2025, the decentralized lending protocol Credix was exploited, with losses totaling $4.5 million. By gaining control of an administrator wallet, the attacker minted tokens and drained liquidity pools.
Following the incident, Credix announced that it had reached a settlement with the attacker, who agreed to return the funds in exchange for a payment from the project’s treasury. However, the project did not disclose the actual settlement amount. Shortly afterward, Credix’s social media accounts were deleted and the team disappeared, raising widespread suspicions that the “attack” may have been an orchestrated exit scam. As of now, the promised compensation has not been delivered.
Analysis and Security Recommendations
August’s incidents highlight several recurring risks. Hot wallets on centralized platforms remain prime targets, with breaches often leading to significant losses. In the DeFi ecosystem, vulnerabilities continue to surface, particularly in areas involving price manipulation and token minting logic, suggesting that many protocols lack ongoing security maintenance after launch. Cases where teams vanished after incidents also raise concerns that some so-called “attacks” may in fact be exit scams, which can inflict even greater damage on users.
Overall, the difficulty of recovering stolen assets remains high. While a few projects have managed partial recoveries, the amounts are limited, underscoring that prevention is far more effective than post-incident recovery. Both platforms and users must continuously enhance their security awareness and safeguards. Protocols should maintain rigorous security auditing practices to identify and patch vulnerabilities in a timely manner, while asset management systems must strengthen wallet segregation and monitoring mechanisms. Staying alert to the latest attack vectors and security trends is also essential.
For individual users, resources such as the Blockchain Dark Forest Self-Guard Handbook can provide practical guidance on improving personal protection in the Web3 ecosystem.
Finally, the incidents covered in this report represent the major cases observed in August. For more details on Web3 security incidents, please refer to the SlowMist Hacked Archive.
