The cryptocurrency sector has reported a significant decline in losses attributed to cyberattacks, with February 2026 marking the lowest monthly figure since March 2025 at $37.7 million. This drop is especially notable as address poisoning scams continue to proliferate, demonstrating that while attacks are becoming more frequent, the overall financial impact has diminished.
Throughout February, the $37.7 million in losses stemmed from a series of incidents, with the most substantial loss occurring with the SOF token, which suffered a theft of $10.5 million. Following this, the IoTeX bridge hack led to a loss of approximately $8.9 million, attributed to a private key compromise of the ioTube cross-chain bridge. Initial estimates from the IoTeX team suggested the loss might be around $2 million; however, on-chain investigations uncovered a more significant theft across multiple assets, including USDC and WBTC.
Additionally, smaller losses were recorded from projects such as Foom, which lost $2.2 million, Ploutos at $2.1 million, and CrossCurve at $1.4 million. Notably, phishing schemes accounted for approximately $8.5 million of the monthly total, showcasing the ongoing threat posed by social engineering tactics.
The previous year, 2025, was marred by extraordinarily high losses, primarily due to major security breaches like the February 2025 Bybit hack, which resulted in the theft of roughly $1.5 billion in Ethereum by the Lazarus Group, linked to North Korea. Without similarly catastrophic incidents in 2026, the underlying security of decentralized finance (DeFi) ecosystems and exchanges appears to be more resilient, even as targeted attacks against individual users remain prevalent.
Despite the lower overall dollar amount stolen, the frequency of address poisoning incidents continues to rise alarmingly. Reports indicate that a trader lost $600,000 on February 17, 2026, due to this type of scam. Address poisoning involves scammers monitoring blockchain activity for active wallets and sending tiny transactions from a “vanity address” designed to closely resemble that of the target. Most cryptocurrency users tend to verify only the first and last few characters of addresses, which allows these scams to be effective.
Security analysts estimate that there are over one million address poisoning attempts daily on the Ethereum network alone. Recent enhancements to the Ethereum network, such as the Fusaka upgrade, have reduced transaction fees, enabling attackers to easily inundate numerous wallets with these harmful transactions.
In December 2025, a trader experienced a staggering loss of $50 million in USDT after mistakenly copying a fraudulent address from their transaction history, just moments after completing a legitimate transaction. In light of these threats, prominent figures in the crypto space, including former Binance CEO CZ, have suggested that crypto wallets should incorporate features that automatically detect and block transactions to known poison addresses.
Developers are also exploring solutions such as pre-execution risk assessments, which would simulate transactions and provide users with clear, understandable summaries of where their funds are headed before completing the transfer. For everyday users, experts recommend saving frequently used addresses within their wallet”s address book rather than copying them from transaction history. Additionally, enabling whitelisting on exchanges can ensure that funds are only sent to pre-approved addresses, further enhancing security measures against these types of attacks.
