Monday, March 2, 2026

Crypto Hack Losses Plunged in February 2026 as Scams Shifted Toward AI-driven Phishing

Confirmed crypto hack losses dropped to an estimated $26.5M–$37.7M in February 2026, a sharp comedown that sector trackers described as the lowest monthly level since March 2025 and a 98.2% year-over-year decline. The big story is that February had no “mega hack,” but that doesn’t mean risk disappeared—it shifted toward people-first attacks like social engineering and AI-assisted fraud.

Security firms still recorded meaningful incidents, but the mix looked different: fewer high-value protocol exploits and more victim-level extraction through phishing and wallet-targeting tactics. This is the kind of month that can look “safer” on a headline chart while quietly becoming more operationally messy for custody, compliance, and retail protection.

Why February looked quieter on paper

Tracker estimates varied depending on what they included. PeckShield cited $26.5M across 15 incidents, while CertiK put the figure at $37.7M after including phishing and authorization hijacking. Even at the higher estimate, the month still represented a 69.2% drop from January 2026’s roughly $86M and a dramatic contrast with February 2025’s $1.5B, which included a $1.4B centralized exchange drain.

The protocol-loss portion of February was driven by a small number of outsized events rather than a broad wave of exploits. YieldBlox was hit by an oracle manipulation event that cost roughly $10M–$10.5M, and IoTeX reported around $8.8M–$8.9M lost after a compromised private key impacted its ioTube bridge. When two incidents can explain a big share of the month, it’s a signal that aggregate totals are being shaped by “lumpiness,” not necessarily by structural immunity. Other protocols such as CrossCurve, FOOM CASH, and Moonwell were also cited with losses in the low single-digit millions, reinforcing that exploits still happened, just without a single catastrophic outlier.

The threat pivot: fewer code exploits, more deception

Where the risk really reallocated was into deception-heavy attack paths. AI-generated phishing pages and social-engineering vectors accounted for more than $10M in February, with additional phishing and wallet compromise losses cited around $8.5M–$8.6M. The month’s loss profile increasingly reads like an adversary playbook optimized for scale and conversion, not just technical vulnerability discovery. Address poisoning also remained active, including a single incident around $600,000 on Feb. 17, 2026, which is exactly the kind of “one wrong copy/paste” scenario that product and UX teams hate because it bypasses most traditional security messaging.

The industry takeaway is not subtle, and one security team put it plainly: “Heightened vigilance and improved security measures across the industry are required.” That sentiment fits the broader pattern: when criminals target humans instead of code, prevention becomes a workflow problem, not only a smart-contract auditing problem.

Observers also suggested market conditions may have influenced attacker incentives. Lower liquidity and reduced volatility, including Bitcoin dipping below $70,000 in early February, were cited as factors that can make large-scale protocol attacks less attractive or harder to execute without drawing attention. In a softer tape, attackers may rationally choose higher-probability social routes rather than complex exploits that require deeper liquidity to monetize cleanly.

What this means for institutions, compliance, and product teams

Regulators and advisers are described as raising the bar through 2026, with new AML guidance and intensified oversight pushing firms to strengthen counter-fraud controls and improve transaction monitoring. The compliance burden here is less about writing new policies and more about proving controls work under real-time pressure, especially when scams are fast, targeted, and AI-assisted.

Consumer behavior adds another layer of fragility. An RBC poll conducted during Fraud Prevention Month in 2026 found 67% of Canadians believed they could not be fooled by an investment or crypto scam, a confidence gap that fraudsters exploit with increasingly convincing lures. When users think they’re immune, they bypass the very friction that safety systems rely on, and that’s exactly where AI-generated social proof becomes lethal.

Net-net, February’s low totals are not a “victory lap.” The real test through 2026 won’t be whether monthly hack charts stay low, but whether the ecosystem can detect and stop AI-enabled scams that attack humans rather than protocols. That’s where the next tranche of losses—and reputational damage—will likely concentrate.
