Crypto security breaches collapsed by more than 90% in February, with total losses across the ecosystem settling at $35.7 million. This marks the quietest month for digital asset security since March 2025, offering a rare reprieve in a sector routinely battered by nine-figure hacks. The data, compiled by blockchain security firm CertiK, reveals a drastic month-over-month contraction from January's staggering losses and a massive year-over-year decline compared to February 2025, which was dominated by a historic $1.5 billion exploit on the Bybit exchange.
Oracle Manipulation Drives Largest Heist
Despite the broader market slowdown in illicit activity, targeted attacks continued to drain millions from decentralized finance protocols. The single largest crypto exploit incident occurred on February 22 on the Stellar network, where a hacker exploited the community-managed YieldBlox Blend pool. According to Quill Audits, the attacker siphoned more than $10 million through a classic thin-liquidity oracle manipulation attack.
The breach relied on a precise execution of market manipulation. By executing a single abnormal trade in the highly illiquid USTRY/USDC market, the attacker artificially inflated the token's price by a factor of 100. This distortion tricked the protocol's valuation system, allowing the attacker to execute massive undercollateralized borrowing against the inflated asset value.
Disputed Losses on IoTeX and zkSNARK Flaws
A day earlier, on February 21, the Internet-of-Things blockchain project IoTeX suffered a major breach after a private key was compromised. The incident highlights the persistent risks of key management even as smart contract vulnerabilities dominate headlines. While CertiK estimated the losses at nearly $9 million, the IoTeX team claimed the stolen amount was closer to $2 million. Security researchers noted the attacker used the compromised key to access the token safe, quickly swapped the stolen assets for ETH, and routed them to Bitcoin using cross-chain bridges.
Rounding out the top three incidents was a $2.2 million exploit of Foom.Cash, a privacy protocol. In this attack, the hacker reportedly exploited a cryptographic flaw to forge zkSNARK proofs. This allowed them to create fake digital credentials that the protocol accepted, enabling the withdrawal of large volumes of tokens without proper authorization.
Phishing Infrastructure Scales
Beyond smart contract vulnerabilities and key compromises, phishing remains a persistent and growing threat, accounting for exactly $8.5 million of February's total losses. The crypto phishing sector has flourished recently, driven by the rise of professionalized 'drainer-as-a-service' providers like Angel Drainer and Inferno Drainer.
These platforms allow scammers to execute large-scale malicious operations with minimal technical expertise. They provide fraudsters with a complete toolkit, including cloned websites, deceptive social media accounts, and automated smart contract scripts. In exchange for providing this illicit infrastructure, the operators take a percentage of all stolen funds. This professionalization suggests that while complex smart contract exploits may fluctuate, the barrier to entry for asset theft via social engineering remains low and scalable.
The sharp decline in total losses provides a brief statistical respite, but the underlying mechanics of theft have not disappeared; they have merely shifted in frequency and method. As the market sentiment index sits at 14/100, indicating extreme fear, the reduction in exploit volume may reflect a more cautious user base or a temporary lull in attacker coordination rather than a fundamental improvement in protocol security.
Source: BeInCrypto | Analysis by Rumour Team
