Crypto Exploit Losses Drop 69% to $26.5M in February

Cryptocurrency exploit losses fell to $26.5 million in February across 15 incidents, marking a 69.2% month-over-month decline from January’s $86 million and the lowest monthly total since March 2025. According to blockchain security firm PeckShield, the reduction reflects both improved security practices and reduced mega-hack activity compared to the $1.5 billion stolen in February 2025, which included the $1.4 billion Bybit drain.

February’s Largest Exploits

Two incidents accounted for the majority of stolen funds. On February 21, YieldBlox’s DAO-managed lending pool on Stellar suffered a $10 million oracle price manipulation attack. The same day, decentralized identity protocol IoTeX lost $8.9 million to a private key compromise targeting its ioTube bridge.

Other significant incidents included CrossCurve ($3 million), FOOMCASH ($2.26 million), and Moonwell ($1.8 million). Together, the top five exploits represented approximately 98% of February’s total losses.

Why Losses Declined

A PeckShield spokesperson told Cointelegraph that market volatility played a role in the decline. When Bitcoin dropped below $70,000 in early February during a sharp market correction, attention shifted toward institutional deleveraging and liquidity management rather than protocol exploitation. During such high-volatility periods, the tactical focus often moves away from protocol exploits toward navigating market liquidity, the spokesperson stated.

Security improvements also contributed. Dominick John, an analyst at Kronos Research, pointed to tighter risk controls, stronger counterparty standards and improved real-time monitoring across major venues. He noted that AI-powered code auditing tools and automated vulnerability detection systems are identifying weaknesses before exploitation occurs.

Phishing Remains the Primary Threat

Despite declining protocol exploits, phishing attacks remain persistent. PeckShield emphasized that attackers increasingly target users directly rather than smart contract vulnerabilities. Phishing remains the most persistent threat. Instead of trying to hack the contract, bad actors are increasingly focused on hacking the human, a spokesperson said.

Phishing losses in February totaled approximately $8.5 million according to multiple security reports. The proliferation of drainer-as-a-service platforms like Angel Drainer and Inferno Drainer has lowered the barrier to entry for sophisticated phishing campaigns, supplying turnkey solutions including replica websites, counterfeit social media profiles, and pre-built malicious smart contracts.

What to Watch

Whether this decline represents a sustainable trend depends on whether security innovation can keep pace with new protocols and products. Dominick John noted that capital is becoming more selective, rewarding protocols with mature security frameworks, suggesting a market-driven incentive for better security.

Security experts continue recommending multi-signature cold storage solutions for institutions and high-value wallet holders. Strict private key protection remains critical as phishing attacks shift focus from technical vulnerabilities to social engineering.

Follow Hashlytics on Bluesky, LinkedIn , Telegram and X to Get Instant Updates