As crypto investors caught their breath after a bruising
start to the year, the tide of digital heists appeared to ease in February.
According to new data from Nominis, hackers and scammers stole roughly $49.3
million across major incidents, down sharply from $385 million the month
before.
Yet behind the seeming reprieve, experts warn of a more
insidious threat: the rise of scams that don’t exploit code, but people.
Nominis’ February 2026 report shows a clear pivot in attacker behavior.
Rather than exploiting smart contract flaws or blockchain infrastructure, many incidents relied on phishing, malicious approvals, and
address poisoning.
Decline Follows January’s Heavy Losses
Victims often signed fraudulent transactions or unknowingly
granted permission for attackers to access their wallets,a form of
“authorization abuse” that accounted for most losses during the month.
Private users were hit hardest, while large platforms
escaped major compromises. The biggest exception was a breach at Step Finance,
a Solana-based analytics platform, which lost roughly $30 million after
attackers infiltrated its infrastructure. That single attack made up more than
60% of all crypto losses in February.
Continue reading: Crypto Fraud Tops UK Agenda as £14B Losses Spur New Strategy
The steep drop from January’s $385 million has sparked
cautious optimism among analysts. Blockchain security firm PeckShield reported
similar findings, estimating $26.5 million in February exploits, its lowest
figure since March 2025. The firm attributed the decline to stricter
operational controls and improved monitoring systems across centralized
exchanges and DeFi projects.
But the industry’s relative calm may be fragile. “Social
engineering attacks caused more cumulative damage than smart contract
exploits,” Nominis noted, emphasizing a continued shift toward tactics that
exploit human trust and interface confusion.
Better Defenses, but Not Immunity
Crypto platforms have been tightening fraud prevention
measures. Bybit, for instance, revealed that its anti-fraud systems blocked
more than $300 million in unauthorized withdrawals during late 2025, preventing
thousands of potential scams.
Despite those advances, total losses across the sector
remain staggering. Chainalysis estimated $3.4 billion in crypto stolen last
year, underscoring persistent vulnerabilities even as defenses improve.
February’s data suggests that stronger code alone isn’t
enough. The biggest risks now lie where technology meets behavior, permissions,
signatures, and the everyday habits of wallet users.
This article was written by Jared Kirui at www.financemagnates.com.
Source link
GIPHY App Key not set. Please check settings