Crypto-related hacks and exploits slowed significantly in February 2026, pushing total losses to their lowest monthly level in nearly a year. According to blockchain security firm CertiK, attackers stole approximately $37.7 million during the month — the smallest figure recorded since March 2025.
While security threats remain a constant concern for the digital asset industry, February’s numbers suggest a temporary cooling in large-scale attacks. The decline was driven mainly by the absence of massive exploits rather than a reduction in overall hacking activity.
Wallet breaches led February’s losses
Among all attack types, wallet compromises caused the most financial damage. These incidents accounted for $16.6 million in losses, making them the leading security issue during the month.
Price manipulation attacks ranked second, responsible for $11.4 million in stolen funds. Meanwhile, phishing scams continued to target users aggressively, draining $8.6 million from victims. Other attack methods included code vulnerability exploits, which resulted in $5.1 million in losses, and exit scams that added another $2.1 million.
Encouragingly, recovery efforts showed progress. Roughly $11.3 million, or about 30% of the stolen funds, were either frozen or successfully recovered during February.
Major incidents and affected projects
Several projects experienced notable breaches throughout the month. YieldBlox recorded the largest exploit, losing $10.6 million, followed by IoTeX with $8.9 million stolen. Foom reported losses totaling $2.3 million.
Other significant incidents included Instadapp, which suffered a $10.5 million attack, and EFX with $8.9 million in losses. Kasm lost $2.2 million, while Initia reported $2.1 million stolen.
CryptoFarm faced two separate attacks that combined for $2.7 million in damages. Smaller-scale incidents were also recorded, including UCC and Hedgehog at $400,000 each, and both Lending and SEI Token losing $200,000.
DeFi remains the primary target
Decentralized finance (DeFi) protocols continued to attract the most attention from attackers, accounting for $14.4 million in total losses across multiple incidents.
Interestingly, AI-related crypto projects emerged as the second-largest target category, suffering $8.9 million in thefts. Gambling platforms reported losses of $2.3 million, while address poisoning and wallet drainer schemes combined for $2.7 million.
Sharp decline compared to January
February’s $37.7 million total represents a roughly 60% drop compared with January 2026 and stands well below typical monthly losses seen throughout 2025.
CertiK’s data indicates that the number of incidents remained relatively stable month over month. The difference came from fewer high-value attacks rather than fewer hacking attempts overall.
Phishing-related losses remained consistent, with February’s $8.6 million closely matching January’s figures. However, overall exploit-related losses fell sharply, driving the monthly total downward.
Although February’s numbers offer a positive signal for the industry, security experts caution that risks remain high. As crypto adoption grows and new sectors like AI-powered projects expand, attackers continue to adapt — meaning strong security practices remain essential for both platforms and users.
Also Read: Bitcoin ETFs See Strong Comeback as BTC Climbs Above $66K
CZ Criticizes Etherscan Over Address Poisoning Spam