Bad actors and scammers stole at least $142 million from the crypto space in July across 17 separate attacks, with the exploit of crypto exchange CoinDCX accounting for the most significant loss. 

The total monthly losses represented a 27% increase from the $111 million in June, blockchain security firm PeckShield said in an X post on Friday.  

However, it’s still a 46% drop from the same time last year, when July 2024 saw $266 million taken by hackers, with the $230 million breach of Indian crypto exchange WazirX accounting for the lion’s share at the time.

Source: PeckShield

PeckShield said the attacker who exploited the GMX decentralized exchange for $40 million in crypto on July 11, the second largest hack for the month, returned the stolen funds days later.

CoinDCX hack the biggest for July 

Indian cryptocurrency exchange CoinDCX was hacked on July 18 for $44 million, in what CEO Sumit Gupta said was “a sophisticated server breach.” A CoinDCX employee was arrested on Thursday in connection with the incident.

Only a few days earlier, on July 16, crypto exchange BigONE suffered a third-party attack targeting its hot wallet infrastructure, resulting in a loss of at least $27 million.

Rounding out the top three for July was crypto trading platform WOO X, which was compromised through a phishing attack on July 24, resulting in at least $14 million being taken. 

WOO X team member’s device accessed 

Rob Behnke, chairman of blockchain security firm Halborn, said in a report on Tuesday that bad actors responsible for the WOO X hack used social engineering to target one of the firm’s team members and access their devices. 

Source: Halborn

“In this case, the attacker used social engineering to compromise a team member’s computer. From there, they could pivot to the development environment and exploit trust in the system to drain user accounts,” he said. 

“The attacker successfully performed multiple malicious transactions over the course of two hours before the suspicious activity was noticed and the platform disabled withdrawals.” 

Funds were stolen on multiple chains, including Bitcoin (BTC), Ether (ETH), BNB (BNB), and Arbitrum (ARB).

The accounts impacted by the incident later had their balances restored from the company’s treasury. 

Related: Crypto seed phrase, front-end hacks drive record losses in 2025: TRM Labs

Hackers targeting offchain systems

There has been a recent trend among hackers to target offchain systems for high-value hacks, according to Behnke.

“Instead of looking for exploitable smart contract vulnerabilities, which can be identified and addressed via smart contract security audits, attackers look for weaknesses in back end infrastructure and processes,” he said. 

“As DeFi hackers grow more sophisticated and increasingly target back end systems and infrastructure, projects need to have strong security controls and processes in place to mitigate these threats.”

Magazine: North Korea crypto hackers tap ChatGPT, Malaysia road money siphoned: Asia Express