Crypto-related hacks and scams led to $26.5 million in losses across 15 major incidents in February 2026, according to data published by blockchain security firm PeckShield. The figure marks the lowest monthly total since March 2025 and reflects a sharp contraction compared to both last month and the same period a year ago.
In a March 1 post on X, PeckShield stated that February’s losses represent a 98.2% year-over-year decrease from February 2025, when total damages reached $1.5 billion. That figure included the $1.5 billion Bybit drain, one of the largest exploits in the sector’s history. Month over month, February’s total shows a 69.2% decline from January 2026, which recorded more than $86 million in losses.
#PeckShieldAlert In Feb. 2026, the crypto space saw 15 main hacks totaling $26.5M, representing a 98.2% YoY decrease compared to Feb. 2025 ($1.5B, including the $1.4B #Bybit drain) and a notable 69.2% MoM decrease from Jan. 2026 ($86.01M in losses).#Top5 Hacks :… pic.twitter.com/Svp7SZWp5w
— PeckShieldAlert (@PeckShieldAlert) March 1, 2026
The majority of February’s damage stemmed from two incidents.
YieldBlox and IoTeX account for bulk of losses
PeckShield identified YieldBlox as the largest single exploit of the month. Attackers extracted roughly $10 million from the DAO-managed lending pool through an oracle price manipulation attack on Feb. 21. The method targeted price feeds that underpin collateral valuations in decentralized finance protocols.
The second-largest incident involved decentralized identity protocol IoTeX. Approximately $8.8 million to $8.9 million was drained due to a compromised private key on Feb. 21. IoTeX initially reported losses closer to $2 million, but subsequent assessments placed the figure significantly higher.
Other notable incidents included around $3 million stolen from CrossCurve. Two separate exploits targeting FOOM CASH and Moonwell resulted in more than $4 million in combined losses. PeckShield listed FOOM CASH at $2.26 million and Moonwell at $1.8 million.
Despite these events, February’s aggregate losses remain subdued when compared with previous peak periods that featured large-scale exchange and bridge compromises.
CertiK report highlights phishing impact
A separate February assessment from blockchain security firm CertiK placed total losses at nearly $37.7 million. That figure includes phishing-related incidents, which PeckShield’s core hack data does not fully capture.
#CertiKStatsAlert 🚨
— CertiK Alert (@CertiKAlert) February 28, 2026
Combining all the incidents in February we’ve confirmed ~$35.7M lost to exploits with ~$8.5M of the total attributed to phishing.
This figure is the lowest monthly loss since March 2025.
More details below 👇 pic.twitter.com/7McXeoH3BR
CertiK attributed $8.6 million of February’s total to phishing attacks. According to its breakdown, wallet compromises accounted for $16.6 million in losses, while price manipulation attacks contributed $11.4 million.
Phishing attacks rely on deception rather than direct protocol exploitation. Malicious actors impersonate trusted entities or create fraudulent websites and social media messages to trick users into revealing private keys or seed phrases. Once obtained, attackers transfer funds directly from victims’ wallets.
A recent example underscores the scale such schemes can reach. Roughly $48 million worth of seized Bitcoin was stolen from South Korea’s Gwangju District Prosecutors’ Office, with phishing cited as a suspected cause.
Market conditions and security posture under scrutiny
A PeckShield spokesperson said that “mega-hacks,” such as the $1.5 billion Bybit hack in February 2025, did not inflate February 2026’s statistics.
“A sharp market correction in early February, with Bitcoin dipping below $70,000, shifted the industry’s focus toward institutional deleveraging and math-based sell-offs. During such high-volatility periods, the tactical focus often moves away from protocol exploits toward navigating market liquidity,” the spokesperson said.
Phishing, however, continues to present a persistent challenge. The PeckShield spokesperson described it as an enduring threat vector.
“Phishing remains the most persistent threat. Instead of trying to hack the contract, bad actors are increasingly focused on hacking the human,” the spokesperson said. “It is critical for both institutions and whales to adopt multi-sig cold storage solutions and strictly guard their wallets and private keys.”
February’s data suggests a period of relative calm after a year marked by high-profile breaches. The absence of billion-dollar incidents shapes the headline numbers, but the underlying risks tied to private key management, price oracle integrity and user awareness remain unresolved.
Oleksii Shumak
Disclaimer: All materials on this site are for informational purposes only. None of the material should be interpreted as investment advice. Please note that, despite the nature of much of the material created and hosted on this website, HODL FM operates as a media and informational platform, not a provider of financial advisory services. The opinions of authors and other contributors are their own and should not be taken as financial advice. If you require advice, HODL FM strongly recommends contacting a qualified industry professional.
