February 2026 ended with the bottom recorded determine in month-to-month losses from cryptocurrency scams since March 2025 at $37.7 million, regardless of tackle poisoning scams on the rise.
The cryptocurrency sector continuously suffers assaults from dangerous actors concentrating on liquidity-rich environments with social engineering and phishing ways, however regardless of these subtle threats, February 2026 has formally ended with the bottom month-to-month losses to cyberattacks and exploits in almost a 12 months.
February’s $37.7 million loss was notably lower than different months as there have been no massive incidents to drive up the entire.
High crypto exploits in February 2026
February’s $37.7 million loss was unfold throughout a number of notable incidents. The biggest confirmed exploit concerned the SOF token, which misplaced $10.5 million. This was adopted carefully by the IoTeX bridge hack, which safety analysts at Halborn and PeckShield defined concerned a non-public key compromise of the ioTube cross-chain bridge, resulting in a lack of roughly $8.9 million.
The IoTeX founders initially estimated the loss to be decrease, round $2 million, however on-chain information confirmed a bigger theft throughout a number of belongings, together with USDC and WBTC.
Additionally in February, Foom, Ploutos, and CrossCurve misplaced $2.2 million, $2.1 million and $1.4 million, respectively. Phishing incidents alone accounted for roughly $8.5 million of the month-to-month complete.
Losses are down, frequency is up
In 2025, the month-to-month averages of cryptocurrency losses had been closely affected by huge particular person incidents, such because the Bybit hack in February 2025, which noticed roughly $1.5 billion in Ethereum stolen by the North Korean-linked Lazarus Group.
And so in 2026, and not using a recorded billion-dollar loss to drive up the totals, the underlying safety of the DeFi and change ecosystems seems extra steady, whilst smaller, extra focused assaults proceed to plague particular person customers.
Whereas the entire greenback quantity stolen has dropped, the frequency of tackle poisoning is reaching file highs. Cryptopolitan lately reported {that a} dealer misplaced $600,000 on February 17, 2026, after falling sufferer to this actual tactic.
In an tackle poisoning assault, a scammer screens the blockchain for energetic wallets. As soon as they discover a goal, they ship a tiny, zero-value transaction to that pockets utilizing a “vainness tackle” generated to look virtually similar to at least one the sufferer has lately used.
Most crypto customers confirm addresses by checking solely the primary few and previous couple of characters. Scammers use open-source instruments like Profanity to create addresses the place the primary and final 5 characters match the sufferer’s common contacts.
As a result of many wallets abbreviate the center of an tackle with an ellipsis (…), the pretend tackle appears good at a look. The attacker’s purpose is to “poison” the sufferer’s transaction historical past in order that the subsequent time the consumer goes to repeat their very own tackle or a buddy’s tackle for a switch, they by chance copy the scammer’s tackle as a substitute.
Safety corporations now estimate that over a million tackle poisoning makes an attempt happen day by day on the Ethereum community alone. Current upgrades to the Ethereum community, such because the Fusaka improve in late 2025, have lowered transaction charges, making it considerably cheaper for attackers to spam hundreds of wallets with these poisoned transactions.
In December 2025, one other dealer misplaced $50 million in USDT after they copied a pretend tackle from their historical past simply minutes after sending a profitable $50 check transaction.
Consultants goal tackle poisoning vectors
CZ, the previous CEO of Binance, lately urged that each one crypto wallets ought to embody a function that routinely checks if a vacation spot tackle is a recognized “poison tackle” and blocks the consumer from sending funds to it.
Different builders are exploring pre-execution threat assessments, which simulate a transaction and present the consumer a transparent, human-readable abstract of the place the cash goes earlier than they ship it.
For the common consumer, specialists advocate saving frequent addresses of their pockets’s built-in tackle guide moderately than copying them from transaction historical past.
Whitelisting ought to be enabled on exchanges in order that funds will solely be despatched to pre-approved addresses. Customers are additionally inspired to confirm each single character of an tackle or use Ethereum Title Service (ENS) names.