Lunaray’s monthly security event highlights have started! According to statistics from numerous blockchain safety surveillance systems, the cryptocurrency sector experienced roughly $ 181 million in losses from hacking, scams, and vulnerability ventures in August 2025, consisting of 21 significant safety events. This month’s losses went back to a high, largely driven by strikes on exchange hot wallets. A single occurrence on the Turkish exchange BtcTurk caused losses of $ 54 million, accounting for 33 % of the month’s total losses. Among the attack types, facilities protection vulnerabilities (including exchange warm budgets and DeFi platform susceptabilities) accounted for 58 % (about $ 94 5 million), while social engineering strikes such as phishing and “rug pull” strikes represented 42 %. Significantly, cyberpunks have for the first time combined cross-chain asset transfers with coin mixing services (such as Twister Cash) to launder funds, significantly raising the problem of mapping funds.
Hacker assault
5 normal safety cases
• CrediX Financing Permission Abuse and Abuse Event
Loss: Around $ 4 5 Million.
Occurrence Facts: On August 4 th, the DeFi lending procedure CrediX Finance experienced a consents misuse and abscondment occurrence. Attackers endangered the platform’s gain access to control system by taking manager account authorizations and tampering with duty accounts, thus stealing roughly $ 4 5 million in assets from the platform’s fund swimming pool. Complying with the incident, the task not only stopped working to fulfill its promise of full compensation within 24 hours, however also promptly shut down its main internet site and all social media accounts, completely losing call. This was a normal “hack and departure” safety event, revealing the double shortcomings of tiny DeFi platforms in permission administration and operational responsibility.
• ODIN Enjoyable Liquidity Manipulation Assault
Loss: 58 2 BTC (roughly $ 7 million).
Incident Facts: On August 12, the Bitcoin meme coin system ODIN FUN was manipulated because of a vulnerability in its automated market production (AMM) component. The assaulter added symbols to increase the cost and after that maliciously withdrew funds. Within two hours, the platform’s BTC reserves plummeted from 291 to 232 8 The team’s treasury was unable to totally make up, and the system has put on hold procedures and started a protection audit.
• BtcTurk Exchange Hot Budget Attack
Loss: Roughly $ 48 9 Million.
Event Information: On August 14 th, BtcTurk, Turkey’s second-largest exchange, endured a hot wallet assault, leading to the burglary of around $ 48 9 million in properties due to a personal vital leak. The hackers carried out a cross-chain assault across 7 blockchains, consisting of Ethereum, Avalanche, and Arbitrum, moving possessions to two addresses and after that quickly converting them to ETH via a decentralized exchange (DEX) for laundering. The exchange quickly put on hold cryptocurrency deposits and withdrawals, stressing that cold budget properties were not influenced and that fiat currency purchases were operating normally. Nevertheless, this occurrence noted the second such hot pocketbook protection incident within a year, subjecting consistent weaknesses in the personal essential defense system used in multi-chain asset administration.
• Equilibria Procedure Liquidity Swimming Pool Strike
Loss: Around $ 3 2 Million.
Occurrence Information: On August 18 th, Equilibria, a return improvement procedure built on the Arbitrum blockchain, endured a liquidity swimming pool strike. The opponent made use of a user interface vulnerability in the system’s third-party liquidity collector and created consent credentials to unlawfully take out properties from the EQB liquidity pool on the Camelot exchange, resulting in a loss of about $ 3 2 million. Complying with the incident, the project validated that the core contracts were not affected. Nonetheless, due to the fact that the assault included an independent EOA address, the flow of stolen funds is presently unavailable. The impacted swimming pool has been shut and an individual settlement plan has been evaluated.
• BetterBank Smart Agreement Susceptability Assault
Loss: About $ 5 Million.
Event Information and facts: On August 27 th, BetterBank, a DeFi system on PulseChain, was struck due to a layout flaw in its smart agreement consent verification module. The attacker manipulated this susceptability to build betting certificates, bypassing the platform’s collateral verification device and taking out assets, leading to a loss of roughly $ 5 million. Part of the swiped funds was exchanged 215 ETH and moved to an Ethereum blending swimming pool by means of a cross-chain network, highlighting the dangers of inadequate formal confirmation of wise agreements in emerging public chain ecological communities.
Carpet Pull/ Phishing Rip-off
10 Regular Protection Cases
(1 On August 2, the address beginning with 0x 6 c0e shed $ 908, 551 due to a phishing approval signed 458 days back.
(2 On August 5, an address that updated to EIP- 7702 lost $ 66, 000 because of a phishing batch transfer disguised as a Uniswap exchange.
(3 On August 6, the address starting with 0x 2 d 98 lost $ 3 05 million after authorizing a phishing deal.
(4 On August 10, an Aave customer (address starting with 0x 8 f 4 d) lost $ 343, 389 well worth of aEthWETH after signing a malicious “certificate” phishing trademark.
(5 On August 12, the address starting with 0xD 9 Db lost $ 165, 000 well worth of BLOCK and DOLO after authorizing harmful “accept” and “increaseAllowance” trademarks.
(6 On August 20, a large financier was phished while verifying an unidentified deal demand, and $ 55 million in DAI stablecoins were transferred to the cyberpunk’s address. The aggressor forged a Maker protocol authorization pop-up window to deceive the individual into authorizing an asset transfer contract. The stolen funds were swiftly converted into ETH and washed through a currency mixing service, highlighting the specific danger of “zero-interaction phishing” to high-net-worth customers.
(7 On August 20, somebody shed approximately $ 1 million in symbols and NFTs after a phishing set purchase disguised as a Uniswap swap transaction. The victim was an address starting with 0x 1526
(8 On August 24, an address beginning with 0x 9689 shed around $ 1 54 million by authorizing an EIP- 7702 phishing set transaction.
(9 On August 25, the address beginning with 0x 114 D lost 97 stETH ($ 465, 802 after authorizing a “certificate” phishing trademark.
(10 On August 26, the address beginning with 0x 4 b 47 shed GM and aOptUSDCn symbols worth $ 802, 746 after signing several phishing signatures.
Summarize
In August 2025, 25 cryptocurrency safety and security incidents caused about $ 181 million in losses, showing a “concentrated break out and intensifying tactics.” Among them, the Turkish exchange BtcTurk endured a cross-chain assault due to a private essential susceptability (causing losses of $ 48 9 million, representing 33 % of the total for the month), noting the 2nd such occurrence in a year. BetterBank ($ 5 million) and CrediX ($ 4 5 million; the group ultimately disappeared) subjected clever agreement susceptabilities, while ODIN ENJOYABLE ($ 7 million) showed the increasing availability of liquidity manipulation tools.
Cyberpunks’ cash laundering approaches have actually developed. In both the BtcTurk and BetterBank cases, “cross-chain + coin blending” was made use of to process stolen funds, resulting in only 17 % of the taken funds being deducible. AI-powered phishing devices have additionally come to be a brand-new risk for specific financiers.
In action to the dangers exposed in August, the Lunaray safety group suggested that systems promptly carry out a dual-security technique of “multi-signature mechanism + exclusive essential rotation” for warm budgets and perform an unique audit of “decreased approvals” for wise contracts. Users should prioritize cold pocketbooks for saving huge amounts of properties and continue to be skeptical of small platforms that need unrestricted permission. The industry quickly requires to establish a cross-chain collaborative surveillance system to battle brand-new attack patterns that cyberpunks are exploiting the fragmented multi-chain ecological community to perform.
