
DeFi Rekt Report October 2025: $38.6 Million Lost Across 9 Exploits


October 2025 saw a total of $38.63 million lost across nine distinct security incidents in both centralized and decentralized platforms. While this figure is considerably lower than the catastrophic quarters earlier in the year, it still signals persistent vulnerabilities across DeFi infrastructure. Only $480,000 was recovered, showing that even with smaller breaches, post-hack recovery remains elusive for most projects. Cumulatively, the year-to-date losses in 2025 have surpassed $8.8 billion, with recoveries remaining below the $100 million threshold, highlighting a widening security performance gap across the Web3 ecosystem.

Trend Analysis

Compared to September 2025, which recorded approximately $38.9 million in losses across eleven exploits, October’s total of $38.63 million marks a slight decline in both total funds lost and the number of major incidents. This continued downtrend from Q3’s catastrophic highs suggests a temporary reprieve in attacker activity or a shift toward targeting fewer, higher-value vulnerabilities. However, despite the decline in raw losses, the concentration of damage in a single access control failure (Hyperliquid) continues a pattern observed throughout the year: a small number of poorly secured systems can skew overall impact significantly. 

Year-on-year, we observe a significant reduction in total losses, dropping from approximately $118 million in October 2024 to $38.63 million this year, representing a 67.3% year-on-year decrease.

Incident Highlights: Hyperliquid Dominates Losses

The most severe incident this month was Hyperliquid, where a private key compromise led to the theft of $21 million. This was not a smart contract vulnerability but a fundamental access control failure at the user level, again underscoring the importance of private key management, multi-factor authentication, and real-time anomaly detection systems.

Another notable exploit hit Typus Finance, a yield aggregator protocol that was drained of $3.44 million through oracle manipulation. The attacker manipulated price feeds and used the resulting mispriced asset values to steal funds. Oracle-based exploits remain one of the most persistent threats to DeFi, particularly when off-chain data feeds are integrated without redundancy or protective measures like circuit breakers.
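The redundancy and circuit-breaker protections named above can be modeled off-chain in Python. This is an added example, not code from De.Fi or from any protocol in this report; the class names, thresholds and sample quotes are constructed, and prices are assumed to be positive.

```python
from dataclasses import dataclass
from statistics import median


class OracleHalted(Exception):
    """The guard refuses to return a price; callers must pause pricing-dependent actions."""


@dataclass
class Quote:
    source: str
    price: float
    timestamp: int  # unix seconds


class GuardedOracle:
    def __init__(self, min_sources=3, max_age=60, max_spread=0.02, max_jump=0.10):
        self.min_sources = min_sources  # redundancy: quorum of independent fresh feeds
        self.max_age = max_age          # seconds before a quote counts as stale
        self.max_spread = max_spread    # allowed deviation of one feed from the median
        self.max_jump = max_jump        # circuit breaker: allowed move vs last accepted price
        self.last_price = None
        self.tripped = False

    def price(self, quotes, now):
        if self.tripped:
            raise OracleHalted("circuit breaker open, manual reset required")
        fresh = [q for q in quotes if 0 <= now - q.timestamp <= self.max_age]
        if len(fresh) < self.min_sources:
            raise OracleHalted("too few fresh feeds")
        mid = median(q.price for q in fresh)
        # Discard feeds that disagree with the median, then re-check the quorum.
        agreeing = [q.price for q in fresh if abs(q.price - mid) / mid <= self.max_spread]
        if len(agreeing) < self.min_sources:
            raise OracleHalted("feeds disagree")
        candidate = median(agreeing)
        if self.last_price and abs(candidate - self.last_price) / self.last_price > self.max_jump:
            self.tripped = True  # stay halted until an operator reviews and resets
            raise OracleHalted("price moved more than max_jump in one update")
        self.last_price = candidate
        return candidate

    def reset(self, reviewed_price):
        """Operator action after review: reopen the breaker at a vetted price."""
        self.last_price, self.tripped = reviewed_price, False


def feeds(prices, ts):
    """Constructed sample quotes from four hypothetical sources."""
    return [Quote(f"feed{i}", p, ts) for i, p in enumerate(prices)]
```

A single outlying feed is discarded and the remaining quorum still prices the asset, while a coordinated move beyond `max_jump` halts pricing until `reset` is called.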

Other exploits included a $1.7 million Abracadabra exploit, for which the underlying vulnerability has not been publicly disclosed. Meanwhile, Astera suffered a flash loan exploit on the Linea chain, losing $821,856, and Sharwa Finance on Arbitrum suffered a smart-contract-level compromise for $147,000 in losses. These lower-profile incidents cumulatively added more than $3 million to the monthly total.

Attack Vectors: Access Control and Oracles Lead Losses

The most damaging attack vector in October was again access control, which accounted for over 46% of total losses, due primarily to the Hyperliquid compromise. This category includes both administrative access abuse and individual user key losses, often preventable with robust security practices.

Other types of exploits were the second-most severe vector, with the Garden Finance breach illustrating how manipulable or under-tested smart contracts can result in cascading asset drains. Flash loan attacks, though less frequent in recent months, also reemerged through the Astera case. Additional incidents involving generic smart contract bugs, rugpulls, and exit scams were observed, albeit in smaller amounts.

Chain Exposure: Ethereum, Linea, and Arbitrum Among Targets

While Hyperliquid’s loss occurred on HyperEVM, a lesser-known chain, other attacks took place across major Layer 1 and Layer 2 ecosystems. Ethereum was again a primary target, experiencing exploits in several protocols including Garden Finance, Typus, Abracadabra, and Silo. Linea, a newer ZK rollup chain, was hit via the flashloan exploit on Astera. Arbitrum, Base, and Binance Smart Chain (BSC) each recorded at least one security event.

The distribution underscores the reality that no chain is immune. As long as protocols rush to market without adequate security audits, stress tests, or post-deployment monitoring, attackers will continue to find ways in.

Sectoral Impact: DEXes and Yield Aggregators at Risk

In terms of affected project types, decentralized exchanges (DEXes) and yield aggregators bore the brunt of losses. DEXes such as Sharwa and Velora were compromised via either contract logic flaws or manipulated inputs. Yield aggregators, particularly Typus Finance, saw significant drainages through misconfigured oracles. Stablecoin and borrowing/lending protocols also featured among the victims, albeit with smaller monetary impact this month.

Interestingly, centralized exchange platforms were largely spared in October, contrasting earlier months where internal fraud and admin key mismanagement led to outsized losses. Nevertheless, CeFi platforms remain exposed, especially those operating with opaque governance or loosely defined recovery plans.

Recovery and Incident Response: Minimal Progress Made

Despite the lower magnitude of total losses, only $480,000 was successfully recovered in October 2025. The primary recovery came via white-hat negotiations and voluntary fund returns. There were no major clawbacks coordinated by chain analytics firms or legal authorities.

The limited recovery underscores a key challenge: many affected projects still lack a formal incident response plan, and fail to engage proactively with white-hat communities or law enforcement. Until structured protocols for post-hack response become standard, the chances of recovering stolen assets will remain minimal.

Top 10 Exploits in October 2025

October’s exploits, while fewer in number, were concentrated in their financial impact. Below are the top 10 largest incidents for the month of October 2025, which together account for the vast majority of the $27.63 million lost. Each incident is categorized by its associated attack vector.

1. Hyperliquid: $21,000,000 (Access Control)

2. Garden Finance: $11,000,000 (Exploit/Other)

3. Typus Finance: $3,440,000 (Oracle Manipulation)

4. Abracadabra: $1,700,000 (Exploit/Other)

5. Astera: $821,856 (Flash Loan)

6. EIP-7702 Delegation Exploit: $336,000 (Access Control)

7. Sharwa Finance: $147,000 (Exploit/Other)

8. Squid (Base & Optimism): $90,000 (Exploit/Other)

9. OracleBNB: $80,000 (Rugpull)

10. VeloraDEX: $20,000 (Exploit/Other)

These incidents reinforce the trend observed throughout 2025: a small number of large breaches continue to dominate loss volumes, while hundreds of smaller, often unreported, vulnerabilities quietly drain funds across the long tail of DeFi protocols.


© De.Fi. All rights reserved.