July 2025 saw several more hacks than the previous month, with seven hacks with over $1 million in losses, compared to June’s four. However, the two months had roughly the same amount of losses. In total, an estimated $134 million was stolen in July versus $112 million in June.

In July 2025, seven major DeFi hacks involved losses of at least $1 million. These include:

• Texture: In July 2025, Texture, a lending platform based on Solana, lost an estimated $2.2 million due to a smart contract vulnerability exploit. The root cause was weak access control in the protocol’s rebalance feature.

• GMX: GMX, a major DEX, suffered approximately $42 million in losses due to a reentrancy attack on its systems. A patch for an earlier vulnerability introduced a bug that allowed the attacker to manipulate global short average prices in a reentrancy exploit.
  

• Kinto: In July 2025, Kinto, a modular exchange platform hosted on Arbitrum, was the victim of an infinite mint attack. The attacker stole an estimated $1.5 million by exploiting a recently discovered vulnerability in contracts using ERC1967Proxy.
  

• Arcadia: An estimated $3.5 million was stolen from Arcadia by exploiting permissions delegated by its users to its asset manager contracts. The attacker exploited a lack of calldata validation to perform a series of calls that bypassed built-in access controls and permissions to drain user accounts.
  

• BigONE: BigONE suffered a supply chain breach in July 2025. The attacker compromised account management and risk control servers and modified their logic to approve all transactions without validation, resulting in approximately $27 million in losses.
  

• CoinDCX: CoinDCX, an Indian CEX, lost over $44 million due to a compromise of one of the project’s servers. The incident was finally disclosed after 17 hours, after being made public by ZachXBT.
  

• WOO X: The July Hack of WOO X began with a phishing attack targeting a team member that led to the attacker gaining access to the project’s development environment. From there, the attacker performed malicious transactions targeting nine user accounts to steal approximately $14 million.

The root causes of the biggest DeFi attacks of July 2025 were split between on-chain and off-chain vulnerabilities. In several cases, smart contract vulnerabilities such as reentrancy, lack of calldata validation, and weak access controls led to millions in losses. In the rest, attackers compromised backend servers and systems, using them to achieve their goals.

These hacks demonstrate the importance of a well-rounded security program, augmenting smart contract code audits with strong security practices. Hallborn offers support in both areas, ensuring holistic security both on-chain and off-chain. Get in touch to find out more.