TLDR
- February witnessed crypto theft totaling $26.5M-$35.7M, marking the smallest amount since March 2025
- A $10M oracle manipulation attack on YieldBlox’s Stellar-based lending protocol topped the month’s losses
- A compromised private key cost IoTeX roughly $8.9M on February 21
- Monthly losses plummeted more than 69% compared to January’s $86M figure, and dramatically below February 2025’s $1.5B Bybit breach
- Phishing attacks continue plaguing the industry, representing $8.5M of the month’s total damage
The cryptocurrency industry experienced a dramatic reduction in security breaches during February, marking the lowest monthly theft total in nearly a year. According to blockchain security monitoring firms PeckShield and CertiK, aggregate losses ranged between $26.5 million and $35.7 million throughout the month.
This represents a steep decline from January’s recorded losses exceeding $86 million—a reduction surpassing 69% month-over-month. The contrast becomes even starker when compared to February 2025’s astronomical figures, which were dominated by the massive $1.5 billion security breach at Bybit exchange.
Security analysts documented 15 separate incidents during February, though two major exploits comprised the bulk of stolen funds. The most significant breach targeted YieldBlox, a decentralized autonomous organization managing a lending protocol built on the Stellar blockchain network.
An attacker executed the exploit on February 22 by manipulating limited liquidity within the USTRY/USDC trading pair. Through a single irregular transaction, the perpetrator artificially inflated the token’s value by 100x, deceiving the protocol’s mechanisms and enabling massive undercollateralized loans.
The month’s second-largest security incident struck IoTeX, a blockchain platform focused on Internet-of-Things integration, on February 21. Hackers gained unauthorized access through a compromised private key, breaching the project’s token storage vault.
The perpetrator rapidly converted stolen digital assets into ETH before transferring them through multiple cross-chain bridges toward Bitcoin. While CertiK calculated losses approaching $9 million, the IoTeX development team contested this figure, claiming actual damages were approximately $2 million.
Foom.Cash, a privacy-focused protocol, suffered the third-largest breach, losing $2.2 million. Attackers exploited a fundamental cryptographic vulnerability to manufacture counterfeit zkSNARK proofs, generating fraudulent digital credentials that bypassed the protocol’s verification systems.
What Drove the Drop
PeckShield researchers highlighted that February’s reduced losses stemmed largely from the absence of any “mega-hack” comparable to previous high-profile incidents like the Bybit compromise. Additionally, a significant Bitcoin price correction during the month’s opening weeks, which saw valuations drop beneath $70,000, may have diverted attacker focus away from protocol vulnerabilities.
Dominick John, an analyst at Kronos Research, attributed the decline to enhanced security protocols, including stricter risk management frameworks, elevated counterparty vetting standards, and sophisticated real-time monitoring systems deployed across leading platforms. He emphasized that artificial intelligence-powered code auditing tools and automated vulnerability detection systems are identifying potential exploits before attackers can leverage them.
Phishing Still a Problem
While overall theft declined substantially, phishing schemes persisted as a significant vulnerability. These social engineering attacks accounted for $8.5 million in February losses.
The proliferation of “drainer-as-a-service” infrastructure platforms such as Angel Drainer and Inferno Drainer has lowered entry barriers for unsophisticated criminals seeking to execute extensive phishing campaigns. These turnkey solutions provide duplicate websites, counterfeit social media profiles, and automated malicious smart contract frameworks in return for profit-sharing arrangements on stolen cryptocurrency.
PeckShield security experts recommended that both institutional entities and high-value wallet holders implement multi-signature cold storage solutions and maintain rigorous private key security protocols.
Despite ongoing concerns, wallet drainer losses have decreased substantially on an annual basis, falling from $494 million throughout 2024 to $83.85 million during 2025.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
