WOO X Exchange Hit by $14M Breach as Phishing Attacks Surge Across Crypto Industry

A sophisticated phishing attack on July 24, 2025, has cost cryptocurrency exchange WOO X $14 million, underscoring the mounting security threats facing the digital asset sector this year.

According to initial investigations, the breach was due to a WOO X team member who fell victim to a targeted phishing scheme that compromised their device.

This breach granted the attacker unauthorized access to both the exchange’s development environment and nine user accounts.

Between 13:50 and 15:40 UTC+8, the attacker coordinated a rapid series of unauthorized withdrawals before the platform discovered and halted the exploit.

But as soon as WOO X realised they were hacked, the exchange immediately suspended all withdrawals while conducting a full forensic review.

The exchange also reassured its community that it would fully reimburse all the affected users and have reached out directly to all nine affected users.

While user trading and funds remain unaffected by the breach, the team will resume the withdrawal functions as soon as the security review is completed.

2025, A Devastating Year for Crypto Security

This incident adds to an already grim picture for crypto security in 2025. Recent data show that Web3 projects have lost $3.1 billion to exploits and scams in just the first half of the year.

The amount has already surpassed the total losses for all of 2024, with social engineering and phishing attacks alone have caused $600 million in damage.

A study by CertiK has reported that crypto investors have lost over $2.2 billion to hacks, scams, and security breaches in the first half of 2025 across 344 incidents.

Wallet-related breaches alone accounted for $1.7 billion in 34 attacks, while phishing scams was the second largest crime with a lost of $410 million over 132 incidents.

One of the largest hacks occurred in February when the Indian crypto exchange Bybit suffered a security breach, resulting in the loss of $1.5 billion in liquid-staked ETH and MegaETH.

Just months later, another decentralized exchange Cetus Protocol lost about $225 million in May due to a smart contract flaw involving spoof tokens and price manipulation.

Ethereum remained the most targeted blockchain, experienced 175 security events and over $1.6 billion in losses.

The average amounts lost per incident reached $7.1 million, while the median loss was approximately $90,000.

AI-driven exploits have skyrocketed 1,025% since late 2024, with insecure APIs and access controls contributing to $1.83 billion in crypto losses so far this year.

DeFi protocols have borne the brunt, representing nearly 69% of incidents, while centralized exchanges like WOO X are facing increasingly high-value losses per case.

Crypto Violence Reaches New Highs

Cyber risks aren’t the only threat: 2025 has also seen a spike in violent attacks against crypto holders.

At least 32 wrench attacks—incidents involving physical coercion or violence to force access to digital assets—have been reported globally.

France has become a hotspot, accounting for nearly a third of these cases and featuring some of the year’s most brutal incidents.

One of the more gory cases is David Balland, the co-founder of Ledger, who was kidnapped in January, leaving a severe injury on one of his hands.

This spate of physical threats has fueled a surge in demand for private protection within the crypto industry, marking what experts now call a “darker, more personal phase” in the evolution of crypto-related crime.