A $91 million social engineering theft from a Bitcoiner and the $50 million breach at Turkish exchange Btcturk accounted for most of the losses. While the number of hacks is trending downward, experts warn that rising crypto prices are making high-value targets more attractive. At the same time, scams like the “try my game” hack are exploiting trust rather than code to drain wallets. Security leaders warn that fake recruitment campaigns and approval phishing are also on the rise.
Crypto Criminals Steal $163M in August
Hackers and scammers stole over $163 million from the crypto sector in August, according to data from blockchain security firm PeckShield. This is a 15% increase from July’s $142 million in losses. While the figure is down 47% compared to the same time last year, it still shed some light on a worrying shift in strategy by cybercriminals who are now focusing their efforts on high-value centralized exchanges and people with large crypto holdings.
One of the most damaging incidents last month involved a Bitcoiner who lost 783 BTC, which was worth around $91 million at the time, in a sophisticated social engineering attack. The victim was deceived by bad actors posing as support staff from a crypto exchange and hardware wallet provider, which led to one of the largest individual thefts of the year.
Another major incident occurred at Turkish crypto exchange Btcturk, which lost almost $50 million after attackers breached its hot wallets. This was the exchange’s second major hack in just over a year, and it raised serious questions about its security infrastructure.
Although the dollar amount of losses increased, PeckShield pointed out that the number of attacks continues to decline. Sixteen hacks were recorded in August compared to 17 in July and 20 in June. This is a good sign that overall ecosystem security is gradually improving. Still, experts believe that rising crypto prices are making the space an increasingly attractive target. Both Bitcoin and Ethereum hit new all-time highs in August, amplifying the potential rewards for hackers.
Hank Huang, CEO of Kronos Research, explained that surging prices create higher-value rewards for attackers, while the pace of security improvements is still quite slow. He warned that losses could continue to rise for the rest of the year unless security technology catches up.
On a more optimistic note, Huang pointed out that AI-driven tools and stronger security models could provide meaningful protection in the future. For now, both individuals and corporations holding large amounts of crypto are being urged to adopt stronger, proactive security measures to defend against sophisticated phishing and social engineering campaigns.
Try My Game Hack Drains Crypto Wallets
Last month, crypto user and NFT artist Princess Hypio also revealed that she lost $170,000 in digital assets after falling victim to a scam known as the “try my game” hack. The scheme has been circulating for years in various online communities, and it typically involves attackers embedding themselves in Discord groups or similar platforms, gaining trust, and then luring targets into downloading malware under the guise of a game.
In Hypio’s case, a scammer convinced her to play a game on Steam, even offering to buy it for her. While the game itself was safe, the malicious server hosting it contained Trojan malware that gave attackers access to her device. This allowed them to drain her crypto and NFTs, including a Milady NFT. She later explained that three of her friends also fell prey to the same tactic.
Experts say this scam thrives not on exploiting code, but on exploiting trust. Nick Percoco, chief security officer at Kraken, explained that the biggest vulnerability in crypto is human trust rather than technical flaws. Attackers mimic the behavior of trusted friends, learn community slang, and slowly manipulate targets into lowering their guard. Similarly, Gabi Urrutia, chief information security officer at Halborn, described the scam as a blend of malware and social engineering. While it is not necessarily highly sophisticated, it is effective because it abuses trust in tight-knit online communities.
Reports of the tactic extend beyond crypto, with users warning on forums like Malwarebytes and Reddit about similar scams targeting gamers. Percoco pointed out that while crypto is often the first sector to encounter these attacks, they tend to spread across industries.
Both experts advised users to be skeptical, verify identities through separate channels, avoid running unknown software, and be cautious about mixing gaming and wallet management on the same devices. Communities themselves can also help by tightening verification processes and limiting direct messages from strangers.
Announcement from Cisco Talos
Percoco also warned that an even more dangerous trend is growing: fake recruitment campaigns. In June, North Korea-linked hackers reportedly targeted crypto job seekers with malware disguised as recruitment tests, to steal wallet and password manager credentials. Urrutia added that scams exploiting blind signing and approval phishing are also becoming more common.
