In August 2025, DeFi hackers slowed down their operations just like the rest of the world. This month, four DeFi protocols were exploited for more than $1 million. In total, these protocols lost approximately $65 million. In contrast, July’s seven major DeFi hacks cost protocols about $134 million.
Biggest DeFi Hacks of August 2025
In August 2025, four DeFi hacks involved losses that crossed the $1 million threshold. These included:
CrediX: In August 2025, CrediX, a decentralized exchange (DEX), was the victim of a $4.5 million hack. The attacker exploited weak access management to mint tokens and drain value from the protocol’s pools.
Odin.fun: Odin.fun is a memecoin launchpad that lost an estimated $7 million to DeFi hackers. The attackers took advantage of logical errors in the protocol’s AMM code to inflate the value of worthless tokens, then make withdrawals from the platform.
BtcTurk: BtcTurk, a Turkish centralized exchange (CEX), suffered its second hack in 14 months in August 2025. Once again, compromised private keys allowed the attackers to drain value from hot wallets to the tune of $48 million.
BetterBank: BetterBank, a PulseChain lending protocol, suffered a $5 million exploit in August 2025. The attacker took advantage of weak controls in the protocol’s bonus minting system, creating fake liquidity pairs to drain value from the protocol.
Lessons Learned from the Attacks
Unlike many of the biggest DeFi hacks of 2025, August’s incidents were primarily caused by smart contract vulnerabilities. CrediX, Odin.fun, and BetterBank were all exploited by attackers who took advantage of logical errors in the protocol’s smart contracts.
That said, the one hack that involved off-chain security issues was BtcTurk, which was more expensive than the other three put together. This attack, like many of the most significant hacks of 2025, involved compromised private keys.
This mix of incidents underscores the importance of a comprehensive security program for DeFi projects. The smart contract vulnerabilities exploited in the majority of the hacks involved logical errors that should have been corrected as a result of a comprehensive smart contract audit. By implementing private key security best practices, BtcTurk might have avoided falling for the same threat twice in a little over a year.
Halborn offers security consulting and smart contract auditing services designed to address both off-chain and on-chain security threats to DeFi protocols. To enhance your protocol’s security with Halborn, get in touch.