February brings unexpected relief to the crypto security landscape
I have to say that the February figures are really surprising. After years of looking at monthly hacking reports with a sense of dread, seeing losses drop by more than 90% seems almost too good to be true. According to data from CertiK, the entire crypto ecosystem lost just $35.7 million to exploits last month. This is the lowest figure since March 2025, which honestly seems like a lifetime ago in crypto terms.
But here’s the thing: Even though the overall numbers have dropped significantly, it’s not like everything has suddenly become safe. The quiet month may well be just a temporary respite rather than a fundamental change. In comparison, January’s losses were staggering, and we all know how volatile this space can be. A massive exploit could completely change the game next month.
Major incidents still occurred despite general decline
The largest incident occurred on February 22 on the Stellar network. A hacker targeted the YieldBlox Blend pool, stealing more than $10 million through what security firm Quill Audits called a “classic low-liquidity oracle manipulation attack.” The method was actually quite clever in its simplicity: the attacker executed an anomalous trade in an illiquid market, artificially inflating the price of a token by 100 times. This tricked the protocol’s valuation system into allowing massive undercollateralized borrowing.
Just a day earlier, blockchain project IoTeX suffered a breach when a private key was compromised. There’s some discrepancy in the numbers here: CertiK estimated losses at nearly $9 million, while the IoTeX team claimed they were closer to $2 million. The attacker used the compromised key to access the token vault, exchanged everything for ETH, and then routed the funds to Bitcoin using cross-chain bridges.
Another notable incident involved Foom.Cash, a privacy protocol that lost $2.2 million. In this case, the hacker would have exploited a cryptographic flaw to falsify zkSNARK proofs. These fake digital credentials tricked the protocol into allowing large token withdrawals.
Phishing remains a persistent threat
What really concerns me is that phishing attacks account for exactly $8.5 million of February’s total losses. That’s almost a quarter of all losses from what appears to be the oldest trick in the book. The phishing industry has become increasingly professionalized, with services like Angel Drainer and Inferno Drainer operating as drainer-as-a-service providers.
These platforms offer fraudsters everything they need: cloned websites, fake social media accounts, automated smart contract scripts, all in exchange for a percentage of the stolen funds. It’s disturbingly effective and requires minimal technical expertise on the part of the real fraudsters. I believe this represents a shift in the way cryptocrime operates, moving from sophisticated technical exploits to more accessible and scalable social engineering attacks.
Context matters as a whole
Looking at year-over-year comparisons provides important context. Last February was dominated by this historic $1.5 billion exploit on the Bybit exchange, which completely skewed annual security measures. So while this February seems quiet in comparison, it’s worth remembering that a single massive incident can radically change the entire landscape.
The larger question, at least in my opinion, is whether this represents a real improvement in security practices or just a temporary lull. The security researchers I spoke with seem cautiously optimistic, but hesitant to declare victory. Auditing protocols are improving, users are becoming more aware of phishing tactics, and the industry has collectively invested more in security infrastructure.
Nonetheless, the persistence of phishing attacks and the success of relatively simple manipulation schemes like the Stellar incident suggest that there is still much work to be done. Perhaps the most encouraging point is that, despite these incidents, the overall damage has been limited. This could indicate that security measures are working better than before, even if they are not yet perfect.
