Overview
The Web3 ecosystem experienced a tumultuous July, with SlowMist's latest monthly report revealing an estimated $147 million in total security losses. According to the SlowMist Blockchain Hacked Incident Database, 13 major hacks alone accounted for approximately $140 million of that sum, with only $42.48 million subsequently frozen or recovered. These incidents primarily stemmed from a combination of contract vulnerabilities, supply chain attacks, and account compromises. Data from anti-scam platform Scam Sniffer shows that phishing attacks claimed 9,143 victims in July, with a collective loss of $7.09 million.
The monthly security report, which has become a crucial benchmark for the industry, paints a picture of growing cyber-criminal sophistication. The net loss of over $100 million for the month highlights that while security measures are improving, they are often outpaced by attackers who are finding new and creative ways to exploit both technical and human vulnerabilities.
Major Security Incidents
CoinDCX
The most prominent incident of the month was a $44.2 million loss suffered by the prominent cryptocurrency exchange CoinDCX.
On July 19, 2025, CoinDCX co-founder Sumit Gupta responded on X, stating that the compromised wallet was an internal operations account used solely for providing liquidity. He emphasized that customer funds were stored securely in cold wallets and were not affected. Trading and withdrawals would resume shortly, and all losses incurred from the attack would be covered by CoinDCX’s reserves.
The breach, reportedly caused by a malware attack that exploited a vulnerability in the exchange's infrastructure, serves as a stark reminder that even centralized entities within the Web3 space are not immune to malicious software. This high-profile attack contributed significantly to the month's total losses and brought renewed scrutiny to the security practices of major trading platforms.
Beyond centralized exchanges, decentralized finance (DeFi) protocols continued to be a primary target. On July 9, 2025, SlowMist’s MistEye security monitoring system detected an exploit targeting the decentralized exchange GMX, resulting in losses of over $42 million. SlowMist's analysis points to multiple attacks that leveraged common but still effective methods, including smart contract vulnerabilities and misconfigurations. These incidents, though individually smaller than the CoinDCX hack, collectively represent a substantial threat, demonstrating that the complex, interconnected nature of DeFi makes it a fertile ground for exploitation.
Credit: @SlowMist_Team on X (Twitter)
The report's analysis of attack vectors reveals a troubling trend. While sophisticated technical exploits dominate the headlines, common methods like phishing, private key theft, and rug pulls remain incredibly effective. This suggests a dual challenge for the Web3 industry: a need for not only more rigorous code audits and infrastructure hardening but also a massive push for user education. The most robust smart contract is useless if a user's private key is stolen through a social engineering scam. The CoinDCX breach, which was reportedly linked to a malware delivered via a social engineering campaign targeting an employee, perfectly illustrates this intersection of technical and human-centric risks.
Analysis
This report is more than just a tally of losses; it's a critical stress test for the Web3 ecosystem's maturity. The fact that the industry saw billions of dollars in losses in the first half of 2025, with July adding another significant sum, shows that the innovation curve is still far ahead of the security curve. The recovery of a portion of the funds, while positive, shouldn't be a source of comfort. It merely highlights the reactive nature of current security measures. For Web3 to achieve its full potential and gain widespread mainstream trust, it needs to move from a reactive posture to a proactive one. This means not only building stronger systems but also fostering a culture of security where every user is empowered with the knowledge to protect their assets.
Conclusion
In conclusion, the SlowMist July report is a wake-up call for everyone in the Web3 space—from developers and platform operators to individual token holders. The persistent threats and significant financial losses serve as a clear indicator that security cannot be an afterthought. Only through collaborative efforts, including more frequent and robust audits, constant vigilance against social engineering, and a commitment to user education, can the industry hope to build a truly safe and sustainable digital future.
Sources:
-
Medium – SlowMist Monthly Security Report: July Estimated Losses at $147 Million
-
SlowMist – the Blockchain Hacked Incident Database (https://hacked.slowmist.io)
