TLDR
- February recorded crypto hacks and scams totaling between $26.5M–$35.7M, marking the lowest figure since March 2025
- YieldBlox suffered the largest exploit through a $10M oracle manipulation attack targeting its lending pool on the Stellar network
- A private key compromise on February 21 resulted in approximately $8.9M in losses for IoTeX
- The month saw losses decline by over 69% compared to January’s $86M, representing a dramatic decrease from February 2025’s $1.5B Bybit incident
- Phishing attacks continued causing damage, responsible for $8.5M of the month’s total losses
February witnessed a significant reduction in crypto losses stemming from hacks and scams, reaching the lowest point recorded since March 2025. Blockchain security firms PeckShield and CertiK independently verified this downward trend, estimating total losses between $26.5 million and $35.7 million throughout the month.
This figure represents a dramatic contrast to January’s tally of just over $86 million, marking a month-over-month reduction exceeding 69%. The numbers also stand far below the February 2025 total, which saw massive inflation due to the $1.5 billion Bybit exchange breach.
The month registered 15 separate incidents, with two major attacks responsible for the majority of losses. YieldBlox, a lending pool operating on the Stellar network under decentralized autonomous organization management, suffered the largest theft at $10 million.
An attacker took advantage of shallow liquidity in the USTRY/USDC market on February 22. Through a single abnormal transaction, they artificially inflated the token’s value by 100 times, deceiving the protocol into permitting large-scale undercollateralized borrowing.
IoTeX, an Internet-of-Things blockchain platform, experienced the second-largest breach on February 21. A compromised private key granted the attacker entry to the token safe.
The perpetrator rapidly converted stolen assets into ETH and transferred them via cross-chain bridges to Bitcoin. While CertiK placed losses at nearly $9 million, the IoTeX development team calculated the figure at approximately $2 million.
Foom.Cash, a privacy-focused protocol, became the victim of the third-largest exploit, losing $2.2 million. The attacker leveraged a cryptographic vulnerability to generate fraudulent zkSNARK proofs, producing counterfeit digital credentials the protocol validated as legitimate.
What Drove the Drop
PeckShield observed that February’s low figures can be attributed to the absence of a massive breach comparable to the Bybit incident. A significant Bitcoin price decline early in the month, with valuations falling below $70,000, also diverted focus away from protocol vulnerabilities.
Kronos Research analyst Dominick John suggested that enhanced risk management protocols, strengthened counterparty verification standards, and upgraded real-time monitoring systems across major platforms played a role in reducing incidents. He highlighted that AI-powered code audits and automated vulnerability detection tools now identify problems at earlier stages.
Phishing Still a Problem
Phishing attacks maintained their presence as a significant concern despite the overall reduction. These schemes were responsible for $8.5 million of February’s aggregate losses.
The emergence of “drainer-as-a-service” platforms such as Angel Drainer and Inferno Drainer has lowered barriers for inexperienced attackers to execute sophisticated phishing campaigns. These services supply replica websites, fraudulent social media profiles, and automated smart contract scripts while taking a percentage of stolen assets.
PeckShield recommended that both institutional players and individual holders with substantial holdings implement multi-signature cold storage solutions and maintain rigorous private key security protocols.
Wallet drainer losses have demonstrated a year-over-year decline, falling from $494 million in 2024 to $83.85 million in 2025.
