Synopsis: Blockchain security firms report an 87% drop in losses from January, even as social engineering and malicious wallet approvals emerge as the dominant attack vectors.
Crypto-related hacking losses dropped significantly in February, but cybercriminals are increasingly targeting users through phishing and deceptive wallet approvals rather than exploiting technical weaknesses in blockchain systems. The shift signals a broader change in attacker strategy one that places the human element, not software vulnerabilities, at the centre of the threat landscape.
Key Findings: An 87% Drop in Monthly Losses
According to a monthly report from Nominis, a blockchain intelligence platform, approximately $49 million was lost to crypto-related exploits in February. This represents a major decrease compared to the $385 million stolen in January a decline of around 87%. Although one month of lower losses does not necessarily indicate a sustained long-term trend, the drop suggests that large-scale attacks on blockchain protocols were less prevalent during this period.
A large portion of February’s losses stemmed from a single incident involving Step Finance, a portfolio dashboard and analytics platform built on the Solana blockchain. In that breach, attackers managed to steal approximately $30 million, accounting for the majority of total losses reported for the month.
While technical attacks on smart contracts did occur, social engineering attacks caused more cumulative damage. Social engineering refers to scams that manipulate people into giving away access or approving transactions. In the crypto world, this most commonly takes the form of phishing campaigns.
The Rise of Phishing and Authorisation Abuse
Phishing attacks typically involve sending victims malicious links or directing them to fake websites that closely resemble legitimate ones. When users interact with these sites, they may unknowingly sign fraudulent transactions or approve wallet permissions that allow attackers to access their funds.
One of the most prevalent attack techniques observed in February was authorisation abuse. In this method, victims are tricked into granting permissions to malicious applications or websites. Once these permissions are approved, attackers can move funds directly from the victim’s crypto wallet without requiring any further authorisation.
Notably, individual users were the primary targets rather than major institutions such as centralized exchanges or decentralized finance (DeFi) protocols. This pattern suggests that hackers may be redirecting their efforts toward exploiting human error rather than technical flaws in blockchain systems.
Corroborating Data from PeckShield
The findings from Nominis are broadly supported by independent data from blockchain security company PeckShield. Using a narrower methodology that counts only confirmed on-chain exploits, PeckShield estimated that total crypto losses from exploits in February amounted to approximately $26.5 million its lowest monthly figure since March 2025. According to PeckShield, the decline may partly reflect stronger risk controls and improved security practices across the crypto industry.
Despite these improvements, crypto crime remains a significant and persistent issue. Hacks and scams have been part of the cryptocurrency ecosystem since its early days, though exchanges and security firms say defences are gradually improving.
Also Read: China’s New Chip Could Make Blockchain 50 Times Faster
Industry Response
Some exchanges are demonstrating measurable progress in fraud prevention. Crypto exchange Bybit recently disclosed that its fraud-prevention system successfully blocked over $300 million in unauthorised withdrawal attempts during the final quarter of last year. The company identified approximately 350 high-risk fraud addresses and prevented around 8,000 users from potentially falling victim to scams.
Even so, large-scale attacks remain a constant threat. Blockchain analytics firm Chainalysis reported that crypto-related hacks caused $3.4 billion in total losses in 2025, highlighting the scale of the challenge facing the industry. Much of that figure was driven by a small number of high-impact events, including the landmark $1.5 billion theft from exchange Bybit in February 2025, attributed to North Korean state-linked hackers.
What Does This Mean For The Future?
The February data presents a cautiously encouraging picture: technical defences against smart contract exploits may be improving, and overall losses fell sharply compared to the previous month. However, attackers are clearly adapting, increasingly shifting toward manipulating users directly through phishing campaigns and deceptive wallet approval requests.
This evolution in tactics means that robust software security alone is no longer sufficient. User education, security awareness, and the adoption of cautious wallet practices remain equally critical to protecting crypto assets in an environment where the human layer has become the primary point of attack.
Written by Parvati Anilkumar
