The Quietest Month for Crypto Hackers in Nearly a Year — What Changed?

TLDR

• Crypto hacks and scams totaled between $26.5M–$35.7M in February, the lowest since March 2025
• The biggest exploit was a $10M oracle manipulation attack on YieldBlox’s lending pool on the Stellar network
• IoTeX lost approximately $8.9M to a private key compromise on February 21
• February losses dropped over 69% month-on-month from January’s $86M, and massively down from February 2025’s $1.5B Bybit hack
• Phishing remains a persistent threat, accounting for $8.5M of February’s losses

Crypto losses from hacks and scams fell sharply in February, hitting their lowest level since March 2025. Blockchain security firms PeckShield and CertiK both confirmed the decline, with loss estimates ranging from $26.5 million to $35.7 million across the month.

That compares to just over $86 million in losses recorded in January, a month-on-month drop of more than 69%. The figures are also a fraction of February 2025’s total, which was heavily inflated by the $1.5 billion Bybit exchange hack.

February saw 15 recorded incidents, but just two of them accounted for most of the damage. The largest was a $10 million theft from YieldBlox, a lending pool on the Stellar network managed by a decentralized autonomous organization.

On February 22, an attacker exploited thin liquidity in the USTRY/USDC market. By executing a single abnormal trade, they inflated the token’s price by a factor of 100, tricking the protocol into allowing undercollateralized borrowing on a large scale.

The second-largest incident hit IoTeX, an Internet-of-Things blockchain project, on February 21. A private key was compromised, giving the attacker access to the token safe.

The attacker quickly swapped stolen assets for ETH and routed them through cross-chain bridges to Bitcoin. CertiK estimated losses at nearly $9 million, though the IoTeX team put the figure closer to $2 million.

The third-largest exploit targeted Foom.Cash, a privacy protocol, which lost $2.2 million. The attacker exploited a cryptographic flaw to forge zkSNARK proofs, creating fake digital credentials that the protocol accepted.

What Drove the Drop

PeckShield noted that the absence of a “mega-hack” like the Bybit incident kept February’s numbers low. A sharp Bitcoin price correction early in the month, with prices dipping below $70,000, also shifted attention away from protocol exploits.

Kronos Research analyst Dominick John said tighter risk controls, stronger counterparty standards, and improved real-time monitoring across major platforms likely contributed to the decline. He added that AI-driven code reviews and automated vulnerability scans are catching issues earlier.

Phishing Still a Problem

Despite the overall drop, phishing attacks remained a concern. They accounted for $8.5 million of February’s total losses.

The rise of “drainer-as-a-service” platforms like Angel Drainer and Inferno Drainer has made it easier for low-skill attackers to run large-scale phishing operations. These services provide cloned websites, fake social media accounts, and automated smart contract scripts in exchange for a cut of stolen funds.

PeckShield urged both institutions and large wallet holders to use multi-signature cold storage and guard private keys carefully.

Wallet drainer losses have still fallen year-over-year, dropping from $494 million in 2024 to $83.85 million in 2025.

The post The Quietest Month for Crypto Hackers in Nearly a Year — What Changed? appeared first on CoinCentral.