Phishing Scams Drove $370M in Crypto Theft in January

An estimated $370 million in digital assets were stolen in January, with phishing and social engineering scams accounting for the vast majority of losses. According to security analysts, this figure represents a significant increase from previous months and the same period last year, underscoring the growing threat of non-technical exploits targeting cryptocurrency users.

Throughout January, the digital asset ecosystem reportedly experienced 40 confirmed security incidents, including both scams and exploits. A report on the month’s activities indicates that phishing and related social engineering attacks were the dominant vector, leading to approximately $311.3 million in losses. This sum constitutes over 84% of the total funds stolen during the month.

A single, high-value incident on January 16 was responsible for the bulk of the losses. In this case, an attacker successfully stole around $284 million from one individual by impersonating official customer support for the hardware wallet manufacturer Trezor. The attacker deceived the victim into revealing their wallet’s recovery seed phrase, granting the thief complete control over the assets.

The total losses for January mark a sharp escalation in malicious activity compared to recent periods. The figures highlight a concerning trend for asset security heading into the new year.

• Total Monthly Losses: Approximately $370 million.
• Losses from Phishing: $311.3 million, or ~84% of the total.
• Month-over-Month Increase: A 214% jump from the $117.8 million lost in December 2025.
• Year-over-Year Increase: A 277% rise from the $98 million reported in January 2025.
• Historical Context: The month’s activity is notable when compared to the worst year on record for crypto theft, 2022, when a total of $3.7 billion was stolen, according to reports from firms like Chainalysis.

The primary driver behind January’s substantial losses was not a sophisticated technical breach of blockchain protocols but rather social engineering. The $284 million theft was a direct result of an attacker exploiting human trust. By impersonating a credible support agent, the scammer created a false sense of security, manipulating the victim into bypassing their own security measures, including the protection offered by a hardware wallet. This incident demonstrates that even users with advanced security hardware remain vulnerable if they are tricked into compromising their private credentials, such as a seed phrase.

At this time, it is not publicly known whether law enforcement or blockchain analytics firms have successfully traced the stolen funds from the January 16 incident. The identity of the attacker or group responsible for the impersonation scam remains unconfirmed. Furthermore, details regarding potential recovery of any of the $370 million in stolen assets have not been disclosed.

Security experts anticipate that attackers will continue to refine and deploy social engineering tactics, as they have proven highly effective and profitable. In response, hardware wallet manufacturers and exchanges will likely increase user education campaigns, warning about the dangers of impersonation scams. Blockchain security firms are expected to continue monitoring fund flows from major thefts in an attempt to identify the culprits and prevent the liquidation of stolen assets.

Users can take several proactive steps to protect themselves from similar phishing and social engineering attacks:

• Never share your seed phrase: Your recovery phrase is the master key to your wallet. No legitimate support agent, company, or administrator will ever ask for it.
• Verify support channels: Always initiate contact with customer support through official websites. Be extremely skeptical of unsolicited emails, direct messages, or support offers on social media.
• Use bookmarks for official sites: To avoid landing on fake websites, bookmark trusted crypto platforms and access them directly.
• Question all urgent requests: Scammers often create a sense of urgency to pressure victims into making mistakes. Take time to verify any request that involves your security credentials or moving funds.

Follow us on Bluesky , LinkedIn , and X to Get Instant Updates