The largest incident is the hack of the Iranian crypto exchange Nobitex and the hack of the ResupplyFi protocol – $9.6 million in damages

06.07.2025


In June 2025, crypto projects’ losses from hacker attacks decreased significantly, by 56% compared to May, and amounted to $116.6 million, cybersecurity specialists from PeckShield reported. Despite the decrease in the total amount of damage, the market continues to face serious threats associated with both hacks of project infrastructure and attacks on users [1].

The most high-profile event of June was the hack of the largest Iranian crypto exchange, Nobitex, with damage exceeding $82 million. The attack was carried out by the hacker group Gonjeshke Darande, known as Predatory Sparrow, associated with Israel. As a result of the hack, the attackers gained access to the exchange’s assets and disclosed the platform’s source code, which further increased security risks [10].

ResupplyFi Protocol Hack: $9.6 Million in Damages

DeFi protocol ResupplyFi suffered an exploit that resulted in the loss of about $9.6 million. The attack targeted the wstUSR market and was related to a vulnerability in the smart contract, namely in the logic of calculating the exchange rate of the crvUSD token. The attacker artificially inflated the price of the cvcrvUSD token (a wrapped version of crvUSD) using the “donation” mechanism, which caused a sharp increase in the value of the asset and allowed the attacker to take out a loan of 10 million native reUSD stablecoins while the collateral was only 1 wei. This made it possible to withdraw large funds from the protocol with virtually no collateral [6].

The ResupplyFi team responded quickly: the vulnerable contract was identified and suspended, and the affected crvUSD-wstUSR pair was temporarily blocked. To compensate for the losses, the protocol proposed to burn 6 million reUSD from the insurance pool, which is approximately 15.5% of the total token volume in it. In addition, the treasury is already covering part of the losses – about 2.86 million reUSD. The remaining debt of 1.13 million reUSD is planned to be repaid gradually at the expense of DAO revenues, including fees and the sale of RSUP tokens. There is also a retention program for affected users, providing them with additional RSUP tokens as an incentive, while they retain the ability to withdraw their assets at any time [6].

Several leading blockchain security companies (Beosin, CertiK, and SlowMist) are conducting a thorough investigation into the incident, analyzing the mechanics of the attack and the movement of the stolen funds. According to CertiK, the attack involved only about $4,000 taken via a flash loan, highlighting the sophistication and minimal investment of the attacker [5].

Other significant losses in June

In addition to Nobitex and Resupply, ALEXLabBTC ($8.4 million) and ForceBridge ($3.8 million) suffered significant losses. There was also a reported theft of $3.2 million from a Solana user, highlighting the ongoing threat to individual market participants [1].

General dynamics and experts’ conclusions

According to the results of May, the total losses of the crypto industry from 20 recorded hacker attacks amounted to $244.1 million, which is 40% less than in April. In June, the decrease in damage was already 56% compared to May. Nevertheless, PeckShield experts emphasize that despite the positive dynamics, hacks of project infrastructure and attacks on users remain the main threats to the crypto market. This requires constant improvement of security mechanisms, improvement of the quality of smart contract audits and strengthening of user protection [1].

Thus, June 2025 demonstrated important trends in crypto industry cybersecurity: despite the decrease in overall damage, major attacks such as the Nobitex hack and the ResupplyFi exploit show that risks remain high. Rapid response measures and recovery plans like Resupply’s become critical to maintaining confidence and market resilience.

Why Crypto Projects’ Losses in June Were Down 56% Compared to May

Crypto projects’ losses from hacker attacks in June 2025 decreased by 56% compared to May for several key reasons.

Firstly, the overall number of major attacks has decreased – 15 significant incidents were recorded in June, while there were more in May, which directly affected the total damage. Despite the high-profile hack of the Iranian crypto exchange Nobitex with losses of over $82 million, the remaining attacks were smaller in scale, and the damage from them was significantly lower [3].

Secondly, the decrease in activity on the crypto market in June, expressed in a 56% drop in trading volumes compared to May, also affected the reduction in losses. A smaller volume of transactions and a decrease in the interest of traders make attacks less attractive to hackers, since the potential benefit becomes smaller [2].

In addition, the crypto industry continues to strengthen security measures: modern systems for real-time transaction monitoring and anomaly detection are being implemented, which allows for faster detection and prevention of attacks. Increased cooperation between market participants and law enforcement agencies also contributes to a decrease in successful hacks [5].

Thus, a combination of fewer major attacks, lower trading activity, and improved cybersecurity was the main reason for the 56% decrease in crypto project losses in June compared to May. However, experts warn that the threat of infrastructure hacks and attacks on users remains a serious problem for the market [3].

What factors contributed to the reduction of damage from hacker attacks in June

Several key factors contributed to the reduction in damage from hacker attacks in June 2025:

  • Reduction in the number of successful attacks and decreased activity of attackers. The first half of 2024 saw a significant decrease in the number of successful attacks using downloaders, more than 3 times compared to last year. This is due to both the changing interests of hackers and the results of international operations to combat cybercrime, during which initial access brokers were arrested and servers used to distribute malware were seized. Such measures temporarily reduce the number of attacks and reduce damage [1].
  • Strengthening protection and monitoring measures. In Russia and other countries, the efficiency of systems that block DDoS attacks and phishing resources has increased significantly. Monitoring centers repel hundreds of massive attacks, block malicious sites, and detect traffic routing violations. The introduction of antifraud systems and increased requirements for storing incident information allow for better analysis and prevention of attacks, which reduces their success and, accordingly, damage [3].
  • Advances in technology and the use of artificial intelligence. The use of integrated security platforms with AI elements allows for real-time detection and mitigation of threats, minimizing the impact of attacks. Such solutions combine endpoint, identity, email, and cloud protection, increasing overall infrastructure resilience [6].
  • Decrease in trading activity in the crypto market. A decrease in trading volumes and interest in cryptocurrencies reduces the attractiveness of attacks for hackers, as the potential profit from hacks becomes less significant. This indirectly helps reduce damage.

Taken together, these factors led to a 56% decrease in overall damage from hacker attacks on crypto projects in June compared to May, despite some major incidents such as the hack of crypto exchange Nobitex. However, experts warn that the threats remain high and that further improvements in security measures are needed [6].

How the Nobitex hack affected the reputation and security of Iranian crypto exchanges

The hack of Iranian crypto exchange Nobitex in June 2025 had a significant impact on the reputation and security of the entire cryptocurrency industry in Iran and the region as a whole.

Damage to reputation and trust

Nobitex is Iran’s largest crypto exchange, which before the incident was a key player in the local market and an important tool for bypassing international sanctions. The hack, worth an estimated $82–90 million, carried out by the Gonjeshke Darande hacker group (allegedly linked to Israel), became a high-profile political and cyber event. The hackers publicly stated that the goal of the attack was not just to steal funds, but to damage the reputation of the Iranian government and crypto exchanges, which they believe facilitate the financing of terrorism and the circumvention of sanctions [6].

The incident exposed the vulnerability of Iranian crypto platforms to cyberattacks, which negatively affected the confidence of users and investors. Many Nobitex clients lost access to their assets, and the temporary suspension of the exchange increased concerns about the safety of funds on centralized platforms [5].

Impact on safety and regulation

The hack exposed serious security holes in Nobitex, particularly in the protection of hot wallets and infrastructure. The exchange confirmed that access to hot wallets and the notification system had been compromised, but stated that funds in cold wallets were not affected and that losses would be compensated from the company’s insurance fund and reserves [5].

Following the incident, Iranian regulators, including the Central Bank, imposed temporary restrictions and tightened licensing requirements for cryptocurrency platforms, signaling a growing focus on security and oversight in the industry [3].

Geopolitical context and implications

The attack on Nobitex was part of a broader hybrid war between Israel and Iran, where cyberattacks are used as a tool to pressure and undermine the enemy’s infrastructure. The hackers even promised to publish the exchange’s source code and internal information, which creates additional risks to the security and privacy of data [6].

In addition, according to analysts, information obtained as a result of the hack could have helped Israeli intelligence services uncover a network of Iranian agents, which increased the political significance of the incident [9].

Results

The Nobitex hack has seriously damaged trust in Iranian crypto exchanges, exposed their security vulnerabilities, and served as a catalyst for stricter regulations. The incident has clearly demonstrated that crypto exchanges remain a target not only for cybercriminals but also for state-sponsored hackers using attacks for political purposes. As a result, the security and transparency of crypto platforms in the region require significant improvement to restore user confidence and ensure market sustainability.

What was the vulnerability of the ResupplyFi protocol and how did it affect its operation?

The vulnerability in the ResupplyFi protocol, discovered in June 2025, was in the smart contract that runs the wstUSR market and was related to the logic for calculating the exchange rate of the cvcrvUSD token (a wrapped version of the crvUSD stablecoin).

Vulnerability mechanism

The attacker used an exploit that allowed him to artificially inflate the price of the cvcrvUSD token. To do this, he used the “donate” function, which affected the calculation of the token’s price. As a result, the price of cvcrvUSD increased sharply, which allowed the attacker to borrow about 10 million native reUSD stablecoins, providing only 1 wei, the smallest unit of ether, as collateral. Thus, the loan was practically unsecured.
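A simplified model of this failure, added here as an illustration and not taken from ResupplyFi's contracts. The page does not give the formula, so the code assumes the exchange rate is a fixed-point constant divided by the share price, which integer division floors to zero once a donation has inflated that price; all names, scales and amounts are constructed.

```python
# Added illustration, not ResupplyFi's contract code. All names, scales and
# amounts are constructed; the rate formula (constant // price) is an assumption.
WAD = 10**18             # 18-decimal fixed point
RATE_PRECISION = 10**36  # assumed scale of the exchange rate
LTV_PRECISION = 10**5
MAX_LTV = 95_000         # 95% at LTV_PRECISION = 1e5 (constructed)


def share_price(total_assets: int, total_shares: int) -> int:
    """Assets per vault share, WAD-scaled. A donation raises total_assets
    without minting shares, so the price jumps when few shares exist."""
    return total_assets * WAD // total_shares


def exchange_rate(price: int) -> int:
    """Collateral per unit of debt. Integer division floors to 0 as soon
    as price exceeds RATE_PRECISION."""
    return RATE_PRECISION // price


def is_solvent_naive(borrow: int, collateral: int, price: int) -> bool:
    """Flawed check: a rate of 0 makes any debt look like 0% LTV."""
    debt_in_collateral = borrow * exchange_rate(price) // WAD
    ltv = debt_in_collateral * LTV_PRECISION // collateral
    return ltv <= MAX_LTV


def is_solvent_guarded(borrow: int, collateral: int, price: int) -> bool:
    """Hardened check: refuse a zero rate and compare by cross-multiplication
    so no intermediate division can hide the debt."""
    if collateral == 0 or exchange_rate(price) == 0:
        return False
    return borrow * WAD * LTV_PRECISION <= MAX_LTV * collateral * price


def demo() -> dict:
    # Healthy market: 1,000 tokens backing 1,000 shares, price = 1.0
    normal = share_price(1_000 * WAD, 1_000 * WAD)
    # Near-empty vault: 1 wei of shares outstanding, then a 2,000-token donation
    inflated = share_price(1 + 2_000 * WAD, 1)
    loan = 10_000_000 * WAD  # 10 million debt tokens against 1 wei of collateral
    return {
        "normal_ok": is_solvent_naive(90 * WAD, 100 * WAD, normal),
        "rate_after_donation": exchange_rate(inflated),
        "naive_accepts": is_solvent_naive(loan, 1, inflated),
        "guarded_accepts": is_solvent_guarded(loan, 1, inflated),
    }


if __name__ == "__main__":
    print(demo())
```

The guarded check is one possible mitigation for this model; a production market would typically also bound how far the price may move between updates.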

Impact on protocol operation

The exploit resulted in significant financial losses – about $9.6 million. The protocol was unable to adequately evaluate collateral and loans, which allowed large amounts of funds to be withdrawn from the system.

After the vulnerability was discovered, ResupplyFi developers promptly suspended the affected crvUSD-wstUSR market and blocked the vulnerable contract. In order to compensate for the losses, it was decided to burn 6 million reUSD from the insurance pool, which is approximately 15.5% of the total token volume in the pool. In addition, the protocol treasury has already compensated for part of the losses – about 2.86 million reUSD, and the remaining debt of 1.13 million reUSD is planned to be repaid gradually at the expense of DAO income.

A retention program has also been launched for affected users, providing additional RSUP tokens as an incentive, while still allowing users to withdraw their holdings at any time.

Investigation and further action

Leading blockchain security companies Beosin, CertiK, and SlowMist are conducting a thorough investigation into the incident, analyzing the mechanics of the attack and the movement of the stolen funds. According to CertiK, only about $4,000 taken through a flash loan was used for the attack, which highlights the sophistication and minimal costs of the attacker.

Overall, the vulnerability highlights the need for more thorough auditing of smart contracts and improved collateral assessment and risk management mechanisms in DeFi protocols to prevent similar attacks in the future.

What measures are experts taking to protect the infrastructure of crypto projects from new attacks

Cybersecurity experts are taking comprehensive measures to protect the infrastructure of crypto projects from new attacks, based on modern technologies and best practices:

  • Multi-level (echeloned) protection and network segmentation. In the infrastructure of crypto projects, production and corporate networks are separated, and industrial demilitarized zones (IDMZ) are created for secure data exchange, which reduces the risk of threats spreading and isolates critical system components [1].
  • Real-time traffic monitoring and analysis. Specialized systems are used that automatically monitor network traffic and identify anomalies and suspicious requests, making it possible to quickly block potential attacks, including zero-day attacks [4].
  • Applying behavioral analysis and artificial intelligence. New classes of security systems analyze endpoint behavior and network traffic using machine learning to help identify previously unknown threats and minimize the impact of attacks [1].
  • Regular audits and penetration testing. Crypto projects conduct routine security audits of smart contracts and the entire infrastructure, identifying vulnerabilities before they can be exploited by attackers [8].
  • Use of cryptographic protection methods. Storing keys in “cold” wallets (hardware or paper) and using strong passwords and multi-factor authentication (MFA/2FA) significantly reduce the risks of account compromise and theft of funds [5].
  • Developing and updating internal regulations and response plans. This includes creating regulations for incident management, disaster recovery, and training personnel for a rapid and coordinated response to cyberattacks [6].
  • Decentralization and consensus algorithms. The use of distributed networks and Proof of Work (PoW) or Proof of Stake (PoS) algorithms increases the resistance of the blockchain to attacks, making them economically unprofitable or difficult to implement [2].

Together, these measures form a multi-layered, intelligent and adaptive security system capable of effectively countering current and future cyber threats in the crypto industry.

  1. https://petroleumjournal.kz/index.php?p=article&aid1=179&aid2=999&id=2324&outlang=1
  2. https://synaptik.ru/blog/obespechenie-bezopasnosti-dannyh/blokchejn-i-zashhita-dannyh-novye-gorizonty-bezopasnosti/
  3. https://rb.ru/story/bezopasnost-v-blokchejne/
  4. https://ya.ru/neurum/c/tehnologii/q/kakie_mery_predprinimayutsya_dlya_zaschity_2cf21b4e
  5. https://www.kaspersky.ru/resource-center/preemptive-safety/strengthen-cryptocurrency-security
  6. https://ybcase.com/fintech/poluchenie-kriptolicenzii-v-paname-uslovia-dokumenty-process
  7. https://dissovet.msu.ru/download/9188a020-a007-11ef-941b-005056b96f20
  8. https://www.blockchain-ads.com/ru/post/crypto-tokenomics
  9. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%9A%D1%80%D0%B8%D0%BF%D1%82%D0%BE%D0%B2%D0%B0%D0%BB%D1%8E%D1%82%D1%8B_%D0%B2_%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8
  10. https://selectel.ru/blog/cryptographic-protecting-information/
  1. https://ptsecurity.com/ru-ru/research/analytics/financial-industry-security-h2-2023-h1-2024/
  2. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:DDoS-%D0%B0%D1%82%D0%B0%D0%BA%D0%B8_%D0%B2_%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8
  3. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%91%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D1%8C_%D0%BA%D1%80%D0%B8%D1%82%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%BE%D0%B9_%D0%B8%D0%BD%D1%84%D0%BE%D1%80%D0%BC%D0%B0%D1%86%D0%B8%D0%BE%D0%BD%D0%BD%D0%BE%D0%B9_%D0%B8%D0%BD%D1%84%D1%80%D0%B0%D1%81%D1%82%D1%80%D1%83%D0%BA%D1%82%D1%83%D1%80%D1%8B_%D0%A0%D0%A4
  4. https://neuroinform.ru/blog/retsidiv_kiberatak_pochemu_khakery_vozvrashchayutsya_i_kak_etomu_pomeshat/
  5. https://www.angarasecurity.ru/stati/samye-zametnye-i-opasnye-kiberataki-2020-goda/
  6. https://www.microsoft.com/ru-ru/security/business/security-101/what-is-a-cyberattack
  7. https://cyberleninka.ru/article/n/kiberataka-s-tochki-zreniya-mezhdunarodnogo-publichnogo-prava
  8. https://ptsecurity.com/ru-ru/research/analytics/aktualnye-kiberugrozy-v-stranah-sng-2023-2024/
  9. https://ibs-training.ru/about/news/Stsenarii_kiberatak_s_ispolzovaniem_II_Vnutrenniy_perimetr/
  10. https://nangs.org/news/it/the-number-of-khaker-attacks-with-mogestational-power-on-the-prompredpriyatiya-rf-increased-by-40
  1. https://forklog.com/news/protokol-resupply-vzlomali-na-9-5-mln
  2. https://incrypted.com/resupply-planyruet-szhech-6-mln-reusd-posle-vzloma/
  3. https://ru.tradingview.com/news/forklog:138f9cf3267b8:0/
  4. https://bits.media/postradavshiy-ot-khakerov-protokol-resupply-predlozhil-vozmeshcheniya-poter/?amp
  5. https://crypto.ru/neskolko-krupnyh-kompanij-rassleduyut-ataku-resupply/
  6. https://www.moneytimes.ru/news/defi-exploit-recovery/71424/
  7. https://sgzt.com/%D1%85%D0%B0%D0%BA%D0%B5%D1%80%D1%8B-%D0%BD%D0%B0%D0%BD%D0%B5%D1%81%D0%BB%D0%B8-%D1%83%D0%B4%D0%B0%D1%80-%D0%BF%D0%BE-%D0%BF%D1%80%D0%BE%D1%82%D0%BE%D0%BA%D0%BE%D0%BB%D1%83-resupply-%D1%83%D0%BD/
  8. https://elitetrader.ru/index.php?newsid=747081
  9. https://cryptochan.net/stream/id/1751268381/
  10. https://www.binance.com/ru/square/post/26149694157249