Crypto Hacks Surge 27% in July 2025: CoinDCX, GMX, and Others Hit Hardest
- Why Did Crypto Hacks Jump 27% in July 2025?
- Top 5 Crypto Hacks of July 2025
- CoinDCX’s $44.2M Nightmare: How Did It Happen?
- GMX’s $42M Exploit and the White-Hat Debate
- Smaller Exchanges, Bigger Problems
- FAQs: Your Burning Questions Answered
July 2025 marked a grim milestone for the crypto industry as hackers stole $142 million across 17 major attacks—a 27% spike from June. The Lazarus Group’s $44.2M heist on CoinDCX and GMX’s $42M exploit dominated the headlines, while BigONE, WOO X, and Future Protocol suffered smaller but significant losses. Only 4.6% of stolen funds were recovered, underscoring the sector’s vulnerability. Below, we break down the incidents, analyze trends, and explore what this means for crypto security.
Why Did Crypto Hacks Jump 27% in July 2025?
According to blockchain security firm PeckShield, crypto thefts surged to $142 million in July—up from $111.6 million in June. The increase reflects hackers’ growing sophistication, with attacks now targeting both centralized exchanges (like CoinDCX) and DeFi protocols (like GMX). Five major exploits accounted for most losses, and shockingly, just 4.6% of stolen funds were returned to victims. The Lazarus Group’s return to the spotlight and GMX’s “white-hat deal” drama added fuel to the fire.
Top 5 Crypto Hacks of July 2025
Here’s the breakdown of the month’s biggest incidents:
- CoinDCX: $44.2M stolen by North Korea’s Lazarus Group via a 5-minute Solana/Ethereum attack.
- GMX: $42M exploit due to a re-entrancy bug; $40.5M returned after a controversial white-hat negotiation.
- BigONE: $28M drained from hot wallets in a supply-chain attack.
- WOO X: $12M lost to a phishing scam targeting employees.
- Future Protocol: $4.2M vanished in an API exploit.
CoinDCX’s $44.2M Nightmare: How Did It Happen?
On July 19, India’s largest crypto exchange, CoinDCX, became Lazarus Group’s latest victim. The attackers siphoned $44.2M in USDC/USDT from an internal liquidity pool, leaving customer funds untouched. A test transaction of 1 USDT on July 16 foreshadowed the heist. Tornado Cash and cross-chain bridges were used to launder the loot—a tactic reminiscent of 2024’s WazirX hack. CEO Sumit Gupta assured users of the exchange’s solvency and offered an $11M bounty for recovery. "This was a wake-up call for India’s crypto security standards," admitted a BTCC analyst.
GMX’s $42M Exploit and the White-Hat Debate
GMX’s July hack exposed a flaw in its V1 code, allowing an attacker to manipulate prices and steal $42M in FRAX, WBTC, and DAI. The twist? The hacker returned $40.5M after negotiations, keeping $4.2M as a “fee.” Critics argue such deals incentivize future attacks, while defenders call them pragmatic damage control. GMX plans to retire its V1 codebase—better late than never.
Smaller Exchanges, Bigger Problems
BigONE ($28M), WOO X ($12M), and Future Protocol ($4.2M) proved no platform is immune. Phishing, API breaches, and supply-chain attacks are now go-to methods, outpacing smart contract exploits. Funds are typically laundered within minutes via mixers like Tornado Cash, making recovery nearly impossible. As of July 2025, only 4.6% of stolen crypto was reclaimed—a dismal stat highlighting the industry’s reactive security culture.
FAQs: Your Burning Questions Answered
Which crypto platform lost the most in July 2025?
CoinDCX topped the list with a $44.2M loss to the Lazarus Group.
Did GMX recover any stolen funds?
Yes—$40.5M was returned after a white-hat deal, but the hacker kept $4.2M.
How much crypto was stolen in total during July 2025?
Hacks totaled $142M across 17 incidents, per PeckShield data.
What percentage of stolen crypto is typically recovered?
Just 4.6% in the first half of 2025, according to blockchain analysts.
