Crypto hack losses fall 69% in February to $26.5 million

Crypto hacks and scams caused $26.5 million in losses in February, down 69% from January and the lowest monthly total since March 2025, according to blockchain security firm PeckShield. The firm logged 15 incidents for the month, with two Feb. 21 exploits making up most of the total.

PeckShield reported that February’s figures were not inflated by any outlier thefts, unlike past mega incidents such as the $1.5 billion Bybit case in February 2025. January recorded just over $86 million in losses.

The largest February exploit hit YieldBlox’s DAO-managed lending pool through a price manipulation strategy that enabled attackers to drain funds. IoTeX, a decentralized identity-focused protocol, faced the second-largest loss after attackers used a compromised private key to move assets.

Market conditions played a part, according to a PeckShield spokesperson, who pointed to early-month volatility: “A sharp market correction in early February, with Bitcoin dipping below $70,000, shifted the industry’s focus toward institutional deleveraging and math-based sell-offs.” The spokesperson added that during such periods of high volatility, attention often shifts away from protocol exploits to managing crypto liquidity.

Security practices may also be strengthening across the sector, Kronos Research analyst Dominick John assessed. “Capital is becoming more selective, rewarding protocols with mature security frameworks. Sustained downside will depend on whether security standards keep pace with innovation.” He noted that audits, continuous monitoring and institutional risk controls are improving and could keep losses trending lower through the year.

John said AI now plays a larger role in defense, from automated code reviews to anomaly detection and pre-launch attack simulations. He added that crypto security is improving as teams invest more in audits, formal verification, and continuous monitoring, while investors demand higher standards. AI-driven checks and automated scanners are catching flaws earlier, though the sector’s rapid pace still keeps risk high.

PeckShield’s data also show a drop in thefts tied to wallet drainers, from $494 million in 2024 to $83.85 million in 2025. Phishing – when scammers trick users into sharing login details or approving harmful transactions – remains a steady threat. A PeckShield spokesperson said attackers are focusing more on people than on breaking smart contracts. They urged institutions and large holders to use multi-signature cold wallets and enforce strict private key protections.