Losses Hit 11-Month High at $370.3M
January saw cryptocurrency thefts reach $370.3 million, the highest monthly figure since the $1.5 billion lost in February 2025. According to security firm CertiK, this amount represents a nearly fourfold increase from the $98 million stolen in January 2025 and a 214% jump from December's $117.8 million total. The surge underscores a worsening security environment to start the year, with attackers successfully executing larger-value exploits.
A single social engineering scam was responsible for the vast majority of the losses. One victim lost approximately $284 million in a targeted phishing incident, which alone accounted for 76% of the month's total stolen funds. Across 40 separate incidents, phishing attacks collectively drained $311.3 million from victims, revealing that individual user security remains a critical point of failure in the ecosystem.
DeFi Protocols Suffer $86M in Direct Hacks
Separate from phishing, direct attacks on decentralized finance (DeFi) protocols accounted for $86 million in losses across 16 hacks, according to security firm PeckShield. The largest protocol exploit of the month was a $28.9 million attack on Step Finance, a Solana-based portfolio tracker, where several treasury wallets were compromised.
Other significant exploits contributed to the monthly total. On January 8, the Truebit protocol lost $26.4 million after a smart contract flaw allowed an attacker to mint tokens at almost no cost, causing the TRU token's price to crash. Later in the month, liquidity provider SwapNet was exploited for $13.3 million on January 26, and the Saga blockchain protocol saw a $7 million loss on January 21.
