SlowMist Monthly Security Report: August Estimated Losses at $82.89 Million

Main Safety Incidents

BtcTurk

On August 14, 2025, Turkish cryptocurrency alternate BtcTurk reportedly suffered one other assault, leading to losses of roughly $54 million. This was the second main incident in simply over a yr, following a $90 million hack on June 22, 2024.

In its official assertion, BtcTurk acknowledged “irregular exercise” in its sizzling wallets and suspended deposits and withdrawals, however didn’t disclose additional particulars relating to the dimensions or technical specifics of the assault.

ODIN.FUN

On August 12, 2025, the Bitcoin-based meme coin issuance platform ODIN.FUN was exploited, resulting in losses of 58.2 BTC (round $7 million). The attacker allegedly manipulated the costs of a number of tokens and withdrew BTC based mostly on the inflated valuations.

On August 17, ODIN.FUN co-founder Bob Bodily reported that over 30 BTC had been recovered, with extra funds nonetheless within the means of being retrieved.

BetterBank

On August 27, 2025, the PulseChain-based DeFi challenge BetterBank was exploited, with losses of round $5 million. The attacker leveraged a contract vulnerability to mint arbitrary tokens, a few of which had been swapped for ETH.

Subsequently, the attacker returned roughly 550 million pDAI (round $2.7 million) value of stolen property.

Credix

On August 4, 2025, the decentralized lending protocol Credix was exploited, with losses totaling $4.5 million. By gaining management of an administrator pockets, the attacker minted tokens and drained liquidity swimming pools.

Following the incident, Credix introduced that it had reached a settlement with the attacker, who agreed to return the funds in alternate for a cost from the challenge’s treasury. Nevertheless, the challenge didn’t disclose the precise settlement quantity. Shortly afterward, Credix’s social media accounts had been deleted and the staff disappeared, elevating widespread suspicions that the “assault” might have been an orchestrated exit rip-off. As of now, the promised compensation has not been delivered.

Evaluation and Safety Suggestions

August’s incidents spotlight a number of recurring dangers. Sizzling wallets on centralized platforms stay prime targets, with breaches usually resulting in vital losses. Within the DeFi ecosystem, vulnerabilities proceed to floor, notably in areas involving value manipulation and token minting logic, suggesting that many protocols lack ongoing safety upkeep after launch. Circumstances the place groups vanished after incidents additionally elevate issues that some so-called “assaults” might in truth be exit scams, which might inflict even better harm on customers.

General, the problem of recovering stolen property stays excessive. Whereas just a few tasks have managed partial recoveries, the quantities are restricted, underscoring that prevention is much simpler than post-incident restoration. Each platforms and customers should constantly improve their safety consciousness and safeguards. Protocols ought to preserve rigorous safety auditing practices to determine and patch vulnerabilities in a well timed method, whereas asset administration programs should strengthen pockets segregation and monitoring mechanisms. Staying alert to the newest assault vectors and safety traits can also be important.

For particular person customers, sources such because the Blockchain Dark Forest Self-Guard Handbook can present sensible steerage on bettering private safety within the Web3 ecosystem.

Lastly, the incidents coated on this report symbolize the most important instances noticed in August. For extra particulars on Web3 safety incidents, please confer with the SlowMist Hacked Archive.