
August 2025 DeFi Hacks: Biggest Losses and Lessons
August 2025 saw over $163 million drained in DeFi and crypto exploits. From exchange breaches to flawed smart contracts, here’s a breakdown of the biggest hacks and lessons learned.
Biggest DeFi Hacks of August 2025
In August 2025, four DeFi and crypto hacks crossed the $1 million threshold, contributing to total ecosystem losses of more than $163 million. Here’s a breakdown of the biggest incidents:
1. BTC Holder Phishing Attack — $91.4M
An individual was tricked into transferring 783 BTC after attackers impersonated exchange support. This marked one of the largest social engineering thefts in crypto history.
2. BtcTurk Exchange Exploit — $54M
The Turkish exchange suffered a hot wallet compromise across multiple chains, including Ethereum, Avalanche, Arbitrum, and Optimism, leading to a massive $54 million loss.
3. Odin.fun AMM Flaw — $7M
A logic error in the AMM launchpad’s contract enabled attackers to manipulate token prices and withdraw assets, resulting in a $7 million exploit.
4. BetterBank Lending Protocol — $5M
Attackers created fake liquidity pairs with FAVOR tokens to exploit bonus minting logic, draining $5 million before the protocol froze trading.
5. CrediX Finance Exploit — $4.5M
On the Sonic blockchain, weak access controls let attackers mint tokens freely and drain pools, costing the protocol $4.5 million.
Lessons Learned
- Smart contract rigor: Logic flaws and weak access controls remain top attack vectors—every new protocol must undergo thorough auditing.
- Hot wallet management: Exchanges must minimize hot wallet exposure with multi-sig cold storage and monitoring.
- User security: Social engineering remains a massive threat; user education and strong authentication are critical.
- Holistic defense: Combining audits, bug bounties, real-time monitoring, and operational best practices is the only sustainable path to resilience.
August 2025 highlighted that DeFi risks extend far beyond code—security must be treated as an ecosystem-wide priority.

