February crypto losses fell sharply last month, reaching their lowest level in nearly a year, according to blockchain security firm PeckShield.
In its report on crypto hacks for February, PeckShield said there were 15 main hacks totaling about 26.5 million dollars. That figure makes February crypto losses the lowest monthly total since March 2025.
Several major crypto news outlets repeated the numbers. The headline quickly spread across the industry. After heavy losses in January, the sudden drop looked like good news.
But the story is more complex than it seems.
PeckShield report on February crypto losses
On March 1, blockchain security firm PeckShield posted its monthly report. The numbers looked good. Really good.
In February 2026, the crypto space saw 15 “main hacks” totaling $26.5 million. PeckShield’s tracked losses were down about 69% from January’s roughly $86 million. February 2025 was distorted by the roughly $1.5 billion Bybit theft, which multiple investigators and major outlets described as the largest crypto heist on record.
PeckShield called it the lowest monthly total since March 2025. News outlets ran with it. It felt like proof that security was finally catching up with the bad guys.
But wait, other firms say $37 million
If you saw a different number floating around, you were not wrong. CertiK, another major security firm, reported February crypto losses closer to $35.7 million or $37.7 million. So who is lying? Nobody. They are just counting different things.
PeckShield tracks “main hacks.” That means big protocol breaches, smart contract exploits, and major infrastructure attacks. CertiK casts a wider net. They include phishing scams, wallet drainers, and smaller individual thefts that PeckShield might leave out of the “main hacks” category.
In February, phishing alone accounted for about $8.5 million in losses, according to CertiK’s broader dataset. That alone explains most of the gap between the two reports. If you are writing this down, remember: PeckShield says $26.5 million. CertiK says $35 to $37 million. Both are true. You just have to know what you are looking at.
What actually got hacked: Why do hack totals not match?
If you strip away the data disputes, the actual incidents tell a clear story. February was dominated by two big events, and everything else was small change.
On February 21, YieldBlox, a lending protocol built on the Stellar blockchain, got hit by a price manipulation attack. The attacker exploited low liquidity in a specific trading pair, artificially pumped a token’s value by 100 times, and walked away with $10 million.
The same day, IoTeX, a blockchain platform focused on Internet of Things devices, suffered a private key compromise. Someone got access to the project’s token safe and made off with roughly $8.9 million, though IoTeX itself argued the real number was closer to $2 million.
Those two incidents alone accounted for more than 70% of the month’s total losses. Everything else, including attacks on Crosscurve, Foom Cash, and Moonwell, added up to the remaining millions.
Why did it drop so sharply? February crypto losses hit a low
The easy answer is that there was no mega hack in February. No Bybit. No $100 million bridge failure. Just a couple of mid-sized exploits and a lot of quiet days.
But analysts point to something else. February started with a sharp market correction. Bitcoin briefly dipped below $70,000. Trading volumes cooled. Liquidity pulled back.
PeckShield said in a Cointelegraph report that during high volatility periods, the “tactical focus often shifts from protocol exploits to navigating market liquidity.” In plain English: when prices are crashing, hackers are watching the charts just like everyone else. They might wait for calmer waters to strike.
Kronos Research analyst Dominick John added that platforms are getting better at risk controls. Capital is flowing toward protocols with real security audits and real monitoring. The days of throwing money at unaudited code and hoping for the best are fading.
A private key compromise does not require finding a bug in complex code. It requires tricking someone, stealing credentials, or exploiting sloppy opsec. It is low-tech. And it is getting easier because of “drainer as a service” operations that sell phishing kits to anyone willing to pay.
PeckShield put it bluntly: “Instead of trying to hack the contract, bad actors are increasingly focused on hacking the person.”
What to expect in March
The bear market of early 2026 is real. Bitcoin is down roughly 50% from its October 2025 peak. Total value locked in DeFi has pulled back. Retail interest is cooling. Historically, hack losses correlate with activity. More money moving around means more opportunities to steal it. Less money means less action.
If March stays quiet, if TVL continues to shrink, and if trading volumes stay low, do not be surprised if February crypto losses remain the floor rather than the exception. That is not necessarily good news. It just means there is less to steal.
The more worrying possibility is that hackers are simply waiting. Waiting for the next bull run. Waiting for liquidity to return. Waiting for protocols to let their guard down.
February was quiet. March might be too. But the infrastructure for stealing crypto, the private key exploits, the phishing drainers, and the fake social media accounts is still there. It is not going anywhere.
Key takeaway
February crypto losses hit $26.5 million according to PeckShield, or $37.7 million according to CertiK. Pick your framework. Either way, it is the lowest month since March 2025.
Two incidents did most of the damage. Private key compromises and phishing are rising. Smart contract exploits are falling. Whether that means security is winning or the bad guys just changed tactics depends on whether you are looking at the dollar signs or the behavior.
Watch March closely. If losses stay low while markets recover, that is real progress. If losses stay low because markets stay frozen, that is just gravity.
FAQ
- Why did crypto hacks drop in February 2026?
The drop happened for three reasons. First, there was no mega hack like the $1.5 billion Bybit theft in February 2025. Second, the market corrected sharply, which may have shifted hacker attention away from protocol attacks. Third, security measures like better audits and real-time monitoring are improving across the industry. - Are blockchain hacks actually decreasing?
It depends on the metric. Dollar losses are down significantly. But the number of incidents is not falling as fast. Phishing and wallet compromises remain persistent threats. The decrease in dollars stolen largely reflects the absence of a single catastrophic event and lower overall market activity. - Why do PeckShield and CertiK report different numbers?
PeckShield tracks “main hacks,” focusing on major protocol breaches and infrastructure attacks. CertiK includes a broader range of incidents like phishing, wallet drains, and smaller thefts. Both are legitimate measurements. They just measure different things. - What was the biggest hack in February 2026?
The largest single incident was the YieldBlox attack on February 21, which resulted in $10 million in losses through price manipulation. The second largest was the IoTeX bridge incident, also on February 21, with losses of around $8.9 million. - What should I watch for in March?
Watch whether the total value locked in DeFi recovers or continues to fall. Watch whether phishing incidents increase even as dollar losses stay flat. And watch whether any protocol with low liquidity gets targeted for price manipulation, since that was February’s winning tactic.
