In February, losses from hacks in the crypto industry totaled $35.7 million. This is more than 90% less than the previous month. According to CertiK, the past month was the calmest in terms of incidents since March 2025.
For a sector that regularly faces attacks worth hundreds of millions of dollars, this is a notable pause.
Sharp Decline Amid Weak January
In January, losses were significantly higher. Exact figures vary depending on the methodology, but the February figure appears minimal compared to the start of the year.
Year over year, the drop is also substantial. In February of last year, the market faced an attack on Bybit for about $1.5 billion. That incident was an anomaly and heavily skewed the annual statistics.
Even without accounting for extreme cases, the current month stands out for the low activity of attackers.
Biggest Attacks of the Month
The largest episode in February was the hack of YieldBlox on the Stellar network. According to auditors, the attacker withdrew more than $10 million through oracle manipulation.
The attack was based on the low liquidity of the USTRY/USDC trading pair. One atypical order sharply inflated the token price by about 100 times. This allowed the attacker to receive an overvalued collateral assessment and borrow funds without sufficient backing.
The day before, the IoTeX project was affected. According to CertiK, losses amounted to about $9 million, although the project team reported a figure closer to $2 million. The cause was a compromised private key. The attacker gained access to the token vault, quickly swapped assets for ETH, and transferred the funds to bitcoin via cross-chain bridges.
The third largest was the Foom.Cash incident. Losses are estimated at about $2.2 million. The hacker exploited a vulnerability in the cryptographic logic and was able to forge zkSNARK proofs, which allowed them to withdraw tokens.
Phishing Remains a Steady Threat
In addition to smart contract vulnerabilities, phishing remains a problem. In February, such schemes brought attackers $8.5 million.
The phishing market is becoming more organized. “Drainer-as-a-service” platforms have emerged, providing ready-made infrastructure for stealing funds. Among the well-known names are Angel Drainer and Inferno Drainer.
They offer scammers a toolkit: website copies, fake social media accounts, and automated scripts. Operators receive a percentage of the stolen funds.
What the Decline Means
The decrease in losses may indicate several factors. First, improved audit and monitoring quality. Second, a temporary reduction in the activity of major attacking groups.
However, even $35.7 million is a significant amount. Individual incidents continue to show that vulnerabilities in oracles, key management, and cryptographic mechanisms remain relevant.
Overall Picture
February was a respite for the industry. Losses dropped by more than 90%, but the nature of attacks changed. There were no massive catastrophic hacks. Instead, the market saw targeted strikes on specific protocols and a steady stream of phishing schemes.
If the current trend continues, 2026 could be more stable in terms of security. But the history of the crypto market shows that periods of calm are often followed by sharp spikes.
Read More: Miners Are Mining Bitcoin at Minimal Profitability
