As crypto buyers caught their breath after a bruising begin to the 12 months, the tide of digital heists appeared to ease in February. In accordance to new knowledge from Nominis, hackers and scammers stole roughly $49.3 million throughout main incidents, down sharply from $385 million the month earlier than.
But behind the seeming reprieve, consultants warn of a extra insidious menace: the rise of scams that don’t exploit code, however individuals. Nominis’ February 2026 report reveals a transparent pivot in attacker habits.
Quite than exploiting sensible contract flaws or blockchain infrastructure, many incidents relied on phishing, malicious approvals, and deal with poisoning.
Decline Follows January’s Heavy Losses
Victims typically signed fraudulent transactions or unknowingly granted permission for attackers to entry their wallets,a type of “authorization abuse” that accounted for many losses through the month.
Non-public customers had been hit hardest, whereas giant platforms escaped main compromises. The most important exception was a breach at Step Finance, a Solana-based analytics platform, which misplaced roughly $30 million after attackers infiltrated its infrastructure. That single assault made up greater than 60% of all crypto losses in February.
Proceed studying: Crypto Fraud Tops UK Agenda as £14B Losses Spur New Technique
The steep drop from January’s $385 million has sparked cautious optimism amongst analysts. Blockchain safety agency PeckShield reported comparable findings, estimating $26.5 million in February exploits, its lowest determine since March 2025. The agency attributed the decline to stricter operational controls and improved monitoring programs throughout centralized exchanges and DeFi initiatives.
Supply: Nominis
However the trade’s relative calm could also be fragile. “Social engineering assaults precipitated extra cumulative harm than sensible contract exploits,” Nominis famous, emphasizing a continued shift towards ways that exploit human belief and interface confusion.
Higher Defenses, however Not Immunity
Crypto platforms have been tightening fraud prevention measures. Bybit, as an illustration, revealed that its anti-fraud programs blocked greater than $300 million in unauthorized withdrawals throughout late 2025, stopping hundreds of potential scams.
Regardless of these advances, whole losses throughout the sector stay staggering. Chainalysis estimated $3.4 billion in crypto stolen final 12 months, underscoring persistent vulnerabilities even as defenses enhance.
February’s knowledge means that stronger code alone isn’t sufficient. The most important dangers now lie the place know-how meets habits, permissions, signatures, and the on a regular basis habits of pockets customers.
