July’s Crypto Carnage: $140M Drained in 17 Major Hacks—PeckShield Sounds Alarm

Crypto's wild west strikes again—another month, another nine-figure heist. PeckShield's latest report exposes the bleeding edge of decentralized insecurity.

Hackers feast on $140M buffet

Seventeen protocols got carved up like Thanksgiving turkeys. No project names? No problem—the blockchain doesn't forget. Cross-chain bridges apparently still function as hacker ATMs (some things never change).

DeFi's 'trustless' paradox

Every smart contract flaw is a neon welcome sign for digital bandits. Meanwhile, traditional finance snickers behind their 80-year-old firewalls—how's that 'code is law' working out?

The silver lining? At least it's not June 2022 numbers... progress?

CoinDCX, GMX among the hardest-hit platforms

CoinDCX, a leading Indian exchange, was the target of the single largest exploit, which caused it to lose $44.2 million on July 19. While initial reports blamed a server breach, local police later revealed the attack was triggered by malware sent via a fake job offer to a company employee.

This breach exposed weaknesses in internal security practices, even at well-established firms.

#PeckShieldAlert In July 2025, ~17 major crypto hacks were recorded, resulting in total losses of $142M—a 27.2% increase (from $111.6M in June). Notably, the #GMX exploiter has returned ~$40.5M worth of cryptos, including 10K ETH and 10.5M $FRAX.#Top5 Hacks in July 2025:… pic.twitter.com/Y5VLUILq5Z

GMX (GMX), a decentralized derivatives protocol, was the second-largest victim. It lost $42 million earlier in the month due to a contract vulnerability. Roughly $40.5 million in ethereum (ETH) and Legacy Frax Dollar (FRAX) was later returned, but the exploit still raised alarms about decentralized finance risk.

Other major breaches in July included BigONE Exchange at $28M, WOO X at $12M, and Future Protocol at $4.2M. Even with the partial recovery from the GMX attacker, a net loss of over $100 million was reported in July. PeckShield’s insights show that malicious actors continue to stay one step ahead despite heightened awareness and on-chain surveillance.

Laundering Speed Leaves Little Time to Respond

A deeper LAYER of concern lies in how quickly attackers now move stolen funds. According to a new H1 2025 report by Global Ledger, a blockchain-focused anti-money laundering and forensics firm, attackers are not only striking more often,they’re laundering assets faster than ever before.

“The fastest attacker fund movement in H1’25 was just 4 seconds,” Global Ledger wrote in its summary. In one case, the entire laundering process, from the initial movement to the last destination, was completed in just under 3 minutes.

Global Ledger also found that in nearly 70% of cases, funds were already in motion before the incident was publicly disclosed. Effective responses from compliance teams, regulators, or centralized exchanges are hampered by this delay. Only 4.6% of stolen assets were recovered in the first half of 2025, even though technology to track transactions was available.

“Speed has become a dangerous new weapon,” the report stated, warning that traditional AML workflows are no longer sufficient on their own. Many of July’s exploits involved smart contract flaws, malicious approvals, or compromised keys, types of attacks that remain difficult to prevent with current tools.

 The report concluded that without faster detection methods and tighter internal security, platforms may continue to fall behind as attackers get smarter and quicker.