February 2026 was a positive month for crypto security, with total losses falling to about $49.3 million, an 87% drop from January’s $385 million.
However, this doesn’t mean hackers are slowing down. Instead, they are shifting tactics, increasingly exploiting human behavior rather than technical flaws in blockchain code.
An attack that drained millions
According to the report published by Nominisa, a large share of the losses came from a single incident involving Step Finance.
For context, Step Finance was a Solana [SOL]-based platform that lost nearly $30 million after an executive’s device was compromised.
By gaining access to these machines, the attackers were able to drain about 261,854 SOL, worth roughly $27- 40 million. The breach was severe enough that the project eventually shut down its core platform and related initiatives.
This shows that even if smart contracts are secure, attackers can still gain access through administrators with high-level permissions.
Other attacks that were no less
Other attacks during the month mainly involved social engineering tactics.
These scams include authorization tricks that deceive users into approving malicious transactions, as well as address poisoning. The latter saw a sharp rise in February: attackers sent small amounts of cryptocurrency from wallet addresses designed to resemble those the victim often uses.
When victims later copy an address from their transaction history, they may accidentally send funds to the attacker instead of the intended recipient. Several users lost significant amounts this way during the month.
The list doesn’t end here
Lastly, phishing methods have also evolved. Instead of trying to steal seed phrases, attackers focused on getting users to sign malicious approval transactions.
By signing a transaction such as “increaseAllowance,” victims unknowingly permitted attackers to withdraw tokens directly from their wallets later. Through these approval-based attacks, users collectively lost more than $500,000 in February.
Needless to say, while human-focused attacks dominated the month, some technical exploits also occurred.
YieldBlox lost about $10.2 million after attackers manipulated its price oracle system to borrow more assets than they had deposited.
Other platforms, including CrossCurve and IoTeX, suffered from cross-chain validation errors that allowed attackers to trick contracts into minting unbacked tokens.
Significant enforcement events
There have also been a few enforcement successes. In the United States, authorities seized about $6.1 million from ‘pig-butchering’ scam operations.
Meanwhile, in South Korea, investigators uncovered a $4.8 million theft that occurred simply because a user’s seed phrase was visible in the background of a photograph.
At the same time, law enforcement is becoming more active. The newly formed Scam Center Strike Force has already frozen more than $580 million in stolen crypto within three months.
Authorities are also targeting large scam networks in Southeast Asia, treating crypto fraud as organized international crime.
Final Summary
- Instead of complex technical exploits, many now rely on manipulation, deception, and user mistakes.
- Simple actions like verifying addresses and approvals can prevent major losses.