Total cryptocurrency losses fell sharply to $49.3 million in February, a 87% drop from the previous month. A new report indicates that attackers are shifting their focus from exploiting technical vulnerabilities to manipulating users through phishing and operational compromises.
The February total of $49.3 million marked a significant decrease from January’s $385 million, according to a report by blockchain security firm Nominis. The firm states that this shift suggests attackers are moving away from exploiting code and toward manipulating the people who use it.
An attack on the Solana-based decentralized finance platform Step Finance accounted for over 60% of the month’s losses, involving up to $40 million. Attackers are said to have compromised devices belonging to the project’s executive team, potentially exposing private keys.
The remaining losses stemmed from various other incidents, including a $3 million exploit of the cross-chain protocol CrossCurve. The lending platform YieldBlox lost approximately $10.2 million due to manipulated collateral pricing logic.
Several individual users also suffered losses from address poisoning scams and malicious token approval transactions. Investigators at SlowMist published a breakdown of a phishing campaign targeting crypto project administrators using fake vesting tools.
A separate incident in South Korea involved nearly $5 million stolen after a seed phrase was exposed in a publicly shared photograph. The U.S. Department of Justice also seized over $61 million in cryptocurrency linked to a pig butchering investment fraud scheme.
Based on the February data, the report found that most losses now originate from compromised user accounts, misleading transactional requests, and user errors. According to the firm, the most vulnerable aspects of the cryptocurrency ecosystem are not the blockchains themselves, but rather, they are the human behaviors and operational practices that surround them.
