Crypto hacks and scams caused $26.5 million in losses in February, the lowest monthly total since March 2025, blockchain security firm PeckShield reported. Of 15 incidents last month, two accounted for the bulk of losses: a $10 million theft from YieldBlox’s DAO-managed lending pool via a price-manipulation attack on Feb. 21, and an about $8.9 million loss at decentralized identity protocol IoTeX from a private key exploit the same day. February’s total was down 69.2% month-on-month from January, which recorded just over $86 million in losses.
A PeckShield spokesperson told Cointelegraph that “mega-hacks,” such as the $1.5 billion Bybit hack in February 2025, did not inflate last month’s statistics, and that market volatility contributed to a cooling period in exploit activity. “A sharp market correction in early February, with Bitcoin dipping below $70,000, shifted the industry’s focus toward institutional deleveraging and math-based sell-offs. During such high-volatility periods, the tactical focus often moves away from protocol exploits toward navigating market liquidity,” the spokesperson said.
Security improvements could be a factor. Kronos Research analyst Dominick John said the decline may reflect tighter risk controls, stronger counterparty standards and improved real-time monitoring across major venues. “Capital is becoming more selective, rewarding protocols with mature security frameworks. Sustained downside will depend on whether security standards keep pace with innovation,” he added. John expects losses could continue to fall as audits, monitoring and institutional risk frameworks mature, and said artificial intelligence could accelerate that shift by powering automated code reviews, anomaly detection and pre-deployment attack simulations to catch vulnerabilities earlier.
Phishing remains a persistent problem. While phishing-related losses have declined — wallet-drainer attacks fell sharply in 2025 from $494 million to $83.85 million — PeckShield warned that social-engineering tactics continue to target users directly. “Phishing remains the most persistent threat. Instead of trying to hack the contract, bad actors are increasingly focused on hacking the human,” the spokesperson said, recommending multi-sig cold storage solutions and strict key custody practices for institutions and high-value holders.
Cointelegraph is committed to independent, transparent journalism. This article follows Cointelegraph’s Editorial Policy; readers are encouraged to verify information independently. Read the Editorial Policy at https://cointelegraph.com/editorial-policy
