July 2025 saw a sharp rise in crypto hacks, with cybercriminals stealing at least $142 million across 17 separate incidents, according to blockchain security firm PeckShield. This marks a 27% increase from June’s losses of $111 million, although it remains significantly lower than the $266 million stolen in July 2024.

The most notable breach this month was the $44 million hack of Indian cryptocurrency exchange CoinDCX, followed by major incidents involving GMX, BigONE, and WOO X. Security experts have raised alarms about a growing trend: hackers shifting focus from smart contract vulnerabilities to targeting offchain infrastructure and employee endpoints.

CoinDCX Suffers the Month’s Largest Breach

On 18 July, Indian crypto platform CoinDCX fell victim to a sophisticated server-side attack, resulting in a loss of approximately $44 million. The company’s CEO, Sumit Gupta, confirmed the breach, describing it as a “coordinated and advanced attack” that managed to compromise internal systems.

The incident prompted swift action from authorities, leading to the arrest of a CoinDCX employee believed to be linked to the breach. Investigations suggest the hack was not a simple exploit but rather a carefully orchestrated insider-enabled breach, underscoring the pressing need for robust internal controls within crypto firms.

WOO X Targeted via Social Engineering

Just days later, on 24 July, crypto trading platform WOO X lost at least $14 million in a phishing-driven attack. According to Rob Behnke, chairman of blockchain security firm Halborn, the attackers employed social engineering tactics to infiltrate a team member’s computer.

“From there, they pivoted into the development environment, exploiting internal trust mechanisms to drain user accounts,” Behnke stated in a report. The hacker carried out multiple unauthorised transactions over a two-hour window, moving assets across several chains including Bitcoin, Ethereum, BNB, and Arbitrum.

Fortunately, affected user accounts were later reimbursed using WOO X’s treasury funds. Still, the attack highlights a vulnerability beyond blockchain namely, employee endpoints and internal systems.

BigONE and GMX Also Breached

BigONE, a Singapore-based exchange, experienced a significant hot wallet exploit on 16 July, resulting in $27 million in losses. The attack was attributed to third-party infrastructure vulnerabilities, showcasing once again how weaknesses outside the blockchain can be exploited for large-scale theft.

#PeckShieldAlert In July 2025, ~17 major crypto hacks were recorded, resulting in total losses of $142M—a 27.2% increase (from $111.6M in June). Notably, the #GMX exploiter has returned ~$40.5M worth of cryptos, including 10K ETH and 10.5M $FRAX.#Top5 Hacks in July 2025:… pic.twitter.com/Y5VLUILq5Z

— PeckShieldAlert (@PeckShieldAlert) August 1, 2025

In another high-profile case, the GMX decentralised exchange was hit on 11 July for $40 million, making it the second-largest crypto hack of the month. Unusually, the attacker returned the stolen funds just days later. The motives behind the return remain unclear, although similar incidents in the past have stemmed from negotiations or white-hat intentions.

Hackers Shift Focus to Offchain Systems

While earlier trends in DeFi attacks revolved around smart contract loopholes, experts now observe a strategic pivot in hacker behaviour. Rob Behnke noted, “Attackers are no longer just looking at smart contracts. They’re increasingly aiming at backend infrastructure, employee devices, and offchain workflows.”

🚨 WOO X, a Taiwanese crypto trading platform, was hit by a $14 million hack in July 2025 😱

The attacker used a phishing attack on a team member to access the platform's development environment and make malicious withdrawal requests 💸

📰 Read more 👇

— Halborn (@HalbornSecurity) July 30, 2025

Unlike smart contracts, which can be audited and tested, offchain systems rely on procedural integrity and employee vigilance, making them harder to secure comprehensively. The WOO X and CoinDCX incidents are clear examples of human or internal system vulnerabilities being weaponised by malicious actors.

Security professionals are urging crypto companies to implement multi-layered security protocols, including endpoint protection, internal access restrictions, employee training, and routine infrastructure audits.

A Growing but Evolving Threat Landscape

While July’s losses are significantly below the $266 million figure from July 2024, dominated by the $230 million WazirX breach, the nature of these attacks paints a more alarming picture. Hackers are adapting rapidly, targeting not just code, but people and systems that underpin the crypto ecosystem.

As the crypto industry continues to grow in complexity and value, so too does its appeal to cybercriminals. Platforms, especially centralised exchanges and custodians, are now being warned: it’s not just about auditing code, but securing the entire operational pipeline.

The $142 million lost to hackers in July 2025 is a stark reminder that the battle for crypto security is far from over. With insiders, social engineering, and offchain vulnerabilities becoming common attack vectors, crypto firms must expand their defensive posture beyond blockchain and smart contracts. Proactivity, transparency, and robust security culture will be key in defending against the next wave of crypto exploits.