In February 2026, cryptocurrency hacks and scams resulted in losses of $26.5 million, representing a drastic 69.2% decline from January and an astonishing 98.2% drop from the $1.5 billion lost in February 2025. This decrease can largely be attributed to the absence of catastrophic incidents, particularly the $1.4 billion drain from the Bybit exchange that marked the previous year”s losses.
February 2026 recorded 15 hacking incidents, with the two most significant events occurring on February 21, which accounted for over 70% of the month”s total losses. The first incident involved YieldBlox, which suffered a $10 million loss due to a price manipulation attack on its DAO-managed lending pool. The second incident affected IoTeX, where a private key compromise targeting the IoTeX.io bridge resulted in losses of $8.9 million, although the protocol”s founders initially disputed this figure. Together, these two attacks accounted for $18.9 million, leaving approximately $7.6 million distributed across the remaining 13 incidents for the month.
Other notable losses included Foom.cash, which lost $2.2 million, and Moonwell, which reported losses of $1.8 million. The smaller incidents reflect a persistent low-level threat activity that continues in the cryptocurrency space, regardless of market dynamics.
The decline in overall hacking losses can be attributed to various factors rather than a single cause. Market conditions played a role, as Bitcoin faced a correction early in the month, falling below $70,000. This situation likely redirected attacker resources toward managing liquidity instead of executing intricate protocol exploits, as sophisticated attacks often require favorable market conditions to maximize gains.
Additionally, enhancements in security infrastructure have contributed to this trend. The adoption of AI-powered code auditing and real-time monitoring tools has improved the detection of vulnerabilities before they can be exploited. Tighter counterparty standards among institutional players have also been implemented, leading to fewer successful attacks on well-audited protocols.
Another emerging trend is the shift towards social engineering attacks. Approximately $8.5 million of the total losses in February stemmed from phishing and address poisoning attacks, rather than technical contract exploits. This indicates a changing landscape where protocols are becoming more resilient against code-level attacks, while human targets remain vulnerable.
The last time monthly hacking losses were this low was in March 2025. The subsequent months recorded several nine-figure incidents, including the Bybit event that skewed the 2025 statistics. The February 2026 figures breaking below this threshold is a positive indicator of the cryptocurrency ecosystem”s security maturity.
However, it is crucial to note that this is merely one month of data. The absence of large-scale hacks does not eliminate the risk of a significant breach occurring in the near future. A single undiscovered vulnerability in a high-TVL protocol could dramatically alter monthly loss statistics at any moment. While the trend appears encouraging, the threat landscape remains active.
