What Are the Biggest Smart Contract Vulnerabilities That Led to Major Crypto Hacks in 2025?

Major smart contract vulnerabilities led to over $1 billion in crypto hacks in 2025

The year 2025 has witnessed catastrophic security breaches in the cryptocurrency ecosystem, with smart contract vulnerabilities accounting for a significant portion of the over $2.1 billion stolen through hacking incidents. According to multiple security reports, the landscape of crypto attacks has evolved dramatically, with hackers exploiting fundamental flaws in blockchain infrastructure.

The Cetus hack stands out as one of the most devastating incidents, where attackers drained $223 million in just 15 minutes, marking DeFi's worst quarter since early 2023. This single event contributed substantially to the growing financial losses in the sector.

| Security Issue Type | Amount Lost (2025) | Percentage of Total Losses |
|---------------------|---------------------|---------------------------|
| Smart Contract Exploits | >$1 billion | ~48% |
| Access Control Vulnerabilities | $1.6 billion (Q1 alone) | ~76% |
| Social Engineering/Phishing | ~$330.7 million | ~16% |

Security experts from CertiK and Hacken have noted a concerning trend where hackers are diversifying their attack vectors, moving from purely technical exploits to combined approaches that target both code vulnerabilities and human psychology. This evolution in attack methodology has created a more complex threat landscape requiring enhanced security protocols and greater vigilance from both developers and users of cryptocurrency platforms.

XPL token manipulation on Hyperliquid caused $33 million liquidation event

On August 26, 2025, the cryptocurrency market witnessed a significant market manipulation event involving XPL token on the Hyperliquid platform. A strategic whale executed a calculated move by purchasing $33 million worth of USDC and simultaneously establishing short positions on XPL. This coordinated action triggered extreme price volatility, causing XPL's value to surge by an astonishing 200% in minutes, reaching $1.80 before rapidly collapsing.

The manipulation had devastating consequences for traders, particularly pre-sale arbitrageurs. These investors had initially acquired tokens during XPL's public sale at $0.05 and attempted to hedge their positions through short contracts. However, the artificial price spike triggered a cascade of liquidations.

| Manipulation Impact | Details |
|-------------------|---------|
| Total Liquidation Value | $33 million |
| Price Increase | 200% (peak $1.80) |
| Main Victims | Pre-sale arbitrageurs |
| Liquidity Drained | Approximately 70% |
| Funding Generated | $7.7 million |

The incident dramatically altered Hyperliquid's market structure, leaving only nine major players with active positions on XPL—four maintaining long positions and five continuing to short the pre-launch token. This event highlights the vulnerability of pre-market tokens with thin liquidity to manipulation by well-funded entities capable of exploiting unregulated leverage mechanisms.

Aster DEX glitch pushed XPL price to $4, prompting user compensation

A significant technical disruption occurred on Aster DEX when the XPL token price suddenly spiked from approximately $1.30 to over $4, triggering a wave of unintended liquidations. The incident, which happened around 11 p.m. UTC on Thursday, was traced to a misconfigured index that removed price caps on the XPL perpetual trading pair. In response, Aster DEX swiftly suspended trading activities and implemented a comprehensive compensation strategy for affected users.
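The failure mode described above, a configuration change that silently leaves a perpetual pair without a price cap, can be guarded against by refusing any market whose cap is missing or out of policy. The sketch below is an added example, not Aster DEX's code: `MarketConfig`, `cap_band`, `MAX_BAND`, the 10% band, the 5% maintenance rate and the sample position are all assumptions chosen for illustration, with only the $1.30 and $4.00 prices taken from the article.

```python
from dataclasses import dataclass
from typing import Optional

MAX_BAND = 0.25  # assumed policy ceiling on mark/index deviation

class CapConfigError(ValueError):
    """Raised when a market's price-cap setting is missing or unsafe."""

@dataclass(frozen=True)
class MarketConfig:
    symbol: str
    cap_band: Optional[float]  # max fractional deviation from index; None = unset

def validate(cfg: MarketConfig) -> MarketConfig:
    # Fail closed: an absent, non-positive or oversized band is rejected,
    # never interpreted as "no cap".
    if cfg.cap_band is None or not (0 < cfg.cap_band <= MAX_BAND):
        raise CapConfigError(f"{cfg.symbol}: unsafe cap_band {cfg.cap_band!r}")
    return cfg

def capped_mark(cfg: MarketConfig, index_price: float, last_trade: float) -> float:
    """Clamp the last traded price into [index*(1-band), index*(1+band)]."""
    band = validate(cfg).cap_band
    lo, hi = index_price * (1 - band), index_price * (1 + band)
    return min(max(last_trade, lo), hi)

def short_is_liquidated(entry: float, size: float, margin: float,
                        mark: float, maint_rate: float = 0.05) -> bool:
    """A short is liquidated when equity falls below maintenance margin."""
    equity = margin + (entry - mark) * size
    return equity < maint_rate * mark * size

def demo():
    # Constructed scenario: index near 1.30, a single print at 4.00.
    index, spike = 1.30, 4.00
    entry, size, margin = 1.30, 1000.0, 650.0  # constructed 2x short position
    good = MarketConfig("XPL-PERP", cap_band=0.10)
    mark = capped_mark(good, index, spike)
    with_cap = short_is_liquidated(entry, size, margin, mark)
    without_cap = short_is_liquidated(entry, size, margin, spike)
    try:
        capped_mark(MarketConfig("XPL-PERP", cap_band=None), index, spike)
        rejected = False
    except CapConfigError:
        rejected = True
    return round(mark, 4), with_cap, without_cap, rejected
```

With the cap in place the constructed short survives the spike; evaluated at the raw $4.00 print it is liquidated, and a config with the cap unset is rejected before any price is computed.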

The exchange demonstrated remarkable crisis management by providing direct USDT refunds to all traders impacted by the abnormal price movements, estimated to have caused over $4 million in liquidation losses. This decisive action has been instrumental in maintaining user trust despite the technical failure.

| Metric | Before Glitch | During Glitch | After Resolution |
|--------|--------------|--------------|-----------------|
| XPL Price | $1.30 | Nearly $4.00 | Stabilized to market rate |
| Trading Volume | Normal | Disrupted | Surged to $46 billion |
| New Accounts | Steady growth | Affected | 468,000 in 24 hours |

Despite this disruption, Aster DEX generated $16.3 million in trading fees over a 24-hour period following the incident, showcasing remarkable resilience. The exchange now reports more than 2.57 million total traders, indicating that market confidence remains strong despite the technical glitch.
