Crypto Scams Declined in February, But Still Millions Were Lost

Crypto exploits declined by more than 90% in February, with digital asset thieves siphoning just $35.7 million across the ecosystem.

The sharp decline marks the quietest month for crypto security since March 2025, providing a brief reprieve for a sector routinely battered by nine-figure hacks.

Phishing and Oracle Attacks Linger Despite the Sharp Fall in Crypto Theft

Data compiled by blockchain security firm CertiK revealed a drastic month-over-month drop from Januarys staggering losses.

Meanwhile, the figures also represent a massive year-over-year contraction. Last years February was dominated by a historic $1.5 billion exploit on the Bybit exchange, an anomaly that heavily skewed annual security metrics.

Despite the broader market slowdown in illicit activity, targeted attacks still drained millions from decentralized finance protocols.

The single largest crypto exploit incident occurred on February 22 on the Stellar network.

According to Quill Audits, a hacker exploited the community-managed YieldBlox Blend pool. The attacker stole more than $10 million through a classic thin-liquidity oracle manipulation attack.

By executing a single abnormal trade in the highly illiquid USTRY/USDC market, the attacker artificially inflated the tokens price by a factor of 100.

This tricked the protocols valuation system, allowing the attacker to execute massive undercollateralized borrowing.

A day earlier, on February 21, the Internet-of-Things blockchain project IoTeX suffered a major breach after a private key was compromised.

While CertiK estimated the losses at nearly $9 million, the IoTeX team claimed the stolen amount was closer to $2 million.

Security researchers noted the attacker used the compromised key to access the token safe, quickly swapped the stolen assets for ETH and routed them to Bitcoin using cross-chain bridges.

Rounding out the top three was a $2.2 million exploit of Foom.Cash, a privacy protocol.

In this attack, the hacker reportedly exploited a cryptographic flaw to forge zkSNARK proofs. This allowed them to create fake digital credentials that the protocol accepted, enabling the withdrawal of large volumes of tokens.

Crypto Phishing Attacks Remain a Concern

Beyond smart contract vulnerabilities, phishing remains a persistent threat, accounting for exactly $8.5 million of Februarys total losses.

The crypto phishing sector has flourished recently, driven by the rise of professionalized “drainer-as-a-service” providers like Angel Drainer and Inferno Drainer.

These platforms allow scammers to execute large-scale malicious operations with minimal technical expertise. They provide fraudsters with a complete toolkit, including cloned websites, deceptive social media accounts, and automated smart contract scripts.

In exchange for providing this illicit infrastructure, the operators take a percentage of all stolen funds.