PeckShield reported that February hacking losses fell 98.2% year-over-year to $26.5 million across 15 incidents.
The proposal acknowledges it would require a coordinated network upgrade and could risk a chain split if parts refuse to adopt the change.
About 94,636 BTC tied to the 2016 Bitfinex hack, roughly 30% of the U.S. Strategic Bitcoin Reserve, remain frozen pending legal proceedings.
World Liberty Financial's stablecoin slipped to $0.994 on Feb. 23, a 0.6% deviation that lasted minutes before recovering. For a token backed one-to-one by dollars and government money market funds, with over $5 billion in circulation and the fifth-largest market share among stablecoins, the wobble wasn't supposed to happen. But it did, and the gap […]
The post A coordinated attack caused the USD1 peg wobble but one exchange holds 93% supply appeared first on CryptoSlate.
Step is working on a buyback for holders of native token STEP based on a snpashot of holdings and value prior to the incident.
IoTeX co-founder Raullen Chai said losses are "significantly lower" than circulating estimates, but has not provided a specific figure.
Over two years after stealing $200 million from Mixin Network, an onchain hacker has deposited illict funds on Tornado Cash and sold ETH.
The start of this year brought a hard reminder: people remain the weakest link. Reports note that roughly $370 million in crypto were taken in January, a sharp climb from earlier months. Related Reading: Crypto Funds Bleed $1.80 Billion As Metals Rally Heats Up That surge was driven mostly by one massive social-engineering con that emptied a single victim of about $284 million. Simple lies and well-crafted messages beat code this time. Phishing Dominates Losses According to CertiK, phishing-style scams grabbed about $311 million of the January haul. That means most losses came from attackers tricking users and insiders rather than breaking cryptographic systems. Social pressure, fake links, and impersonation were used to push victims into moving funds. People clicked. Money moved. Accounts were drained. A Bigger Picture Of Monthly Swings Based on reports, January’s total is nearly four times the $98 million stolen in January 2025 and more than triple December’s close to $118 million. The month is the largest since February 2025, when roughly $1.5 billion was taken, most of that tied to the huge Bybit heist. Those big events show how a single breach or scam can tilt an entire month’s tally. Numbers can look calm one month and explosive the next. That unpredictability keeps wallets and treasuries on edge. #CertiKStatsAlert ???? Combining all the incidents in January we’ve confirmed ~$370.3M lost to exploits. ~$311.3M of the total is attributed to phishing with one victim losing ~$284M due to a social engineering scam. More details below ???? pic.twitter.com/uXhi0P6dl5 — CertiK Alert (@CertiKAlert) January 31, 2026 Major Technical Exploits Hit Treasuries PeckShield flagged several large protocol attacks. Step Finance lost nearly $29 million after treasury wallets were compromised and over 261,000 SOL vanished. Truebit suffered a $26.4 million hit when a smart contract flaw allowed near-free minting, which also crushed its token price. SwapNet and Saga were among other victims, with losses around $13.3 million and $7 million respectively. Those hacks were technical, aggressive, and fast. #PeckShieldAlert In Jan. 2026, the crypto space saw 16 hacks totaling $86.01M in losses, representing a slight 1.42% YoY decrease compared to Jan. 2025 ($87.25M) but a notable 13.25% MoM surge from Dec. 2025 ($75.95M). Meanwhile, #phishing remains staggering with losses… pic.twitter.com/pxugbsPcZ7 — PeckShieldAlert (@PeckShieldAlert) February 1, 2026 Why This Matters Now Reports say there were 40 exploit and scam incidents over January, though the bulk of value lost was concentrated in a few cases. That pattern means the raw count of incidents doesn’t tell the whole story; a single, well-executed con can dwarf many smaller breaches combined. Some months will show many small thefts. Other months will be defined by one enormous fraud. What Needs To Change Security teams and project treasuries must tighten both human and technical safeguards. More rigorous wallet controls, staged approvals, and stronger identity checks would blunt social-engineering strikes. At the same time, independent code audits and quicker response plans can limit damage from smart contract bugs. Education programs for staff and users are cheap compared with the cost of a single large loss. Related Reading: Gold Vs. XRP: One Asset Just Added 20x The Other’s Market Value The recent spike is a clear message: attackers are mixing social skill with technical know-how. The playbook now often starts with a message in a chat app or an email, then turns into code-level theft. Patching software helps. Teaching people how to spot scams will stop many attacks before they ever reach the code. Featured image from Shutterstock, chart from TradingView
A missing validation check seemingly allowed multiple attackers to spoof cross-chain messages and drain the protocol's PortalV2 contract.
The attack sent Step Finance's native STEP token plummeting more than 60% as the protocol enlists security firms to investigate the incident.
Some funds that were initially sequestered to help refund “edge case” victims of The DAO hack will fund a new Ethereum security effort.
TRM Labs estimates that illicit crypto volume surged to an all-time high of $158 billion in 2025, representing just 1.2% of total crypto volumes.
Phylax's Credible Layer allows developers to preprogram rules — or “assertions” — into smart contracts to mitigate exploits.
The US government has been trying to execute a historic pivot with its Bitcoin holdings, shifting from a messy, case-by-case inventory of seized crypto into a strategic national reserve for almost a year now. That ambition, often framed as a “digital Fort Knox,” is now facing a credibility test after allegations that roughly $40 million […]
The post Security of the US government’s $28B Bitcoin reserve threatened after weekend theft reveals flaw appeared first on CryptoSlate.
The following article is adapted from The Block’s newsletter, The Daily, which comes out on weekday afternoons.
Matcha Meta disclosed a SwapNet security incident on Sunday and PeckShield estimated roughly $16.8 million in crypto was drained.
A cybercriminal known as "Lick" may be the son of the president of a firm contracted by the government to dispose of stolen crypto assets.
Makina Finance lost 1,299 ETH, roughly $4.13 million, in a flash-loan and oracle manipulation exploit. The attacker drained the protocol's funds and broadcast the transaction to Ethereum's public mempool, where it should have been picked up by validators and included in the next block. Instead, an MEV builder identified by the address 0xa6c2 front-ran the […]
The post Explosive truth behind crypto bots that front-run thieves to “save” funds — but they decide who gets paid back appeared first on CryptoSlate.
Makina Finance’s DUSD/USDC pool lost approximately $5 million in a flash loan exploit, security firms reported.
A worrying pattern has formed in the crypto sector. Reports say that about four in five projects hit by major hacks do not fully recover. Money is lost, yes. But the deeper damage is often to trust — and that can be fatal. Related Reading: Saylor Defends Bitcoin Treasury Firms Amid Rising Criticism Trust Erodes Fast When a breach is found, users pull funds quickly. Partners step back. Liquidity dries up. Industry experts, including Immunefi CEO Mitchell Amador, warn that slow or unclear responses can push entire communities away. Some projects try to fix code quietly. That can fail. Silence is sometimes treated as hiding. Panic spreads. Confidence drops. “Nearly 80% of projects that suffer a hack never fully recover,” Amador pointed out. The primary reason, he said, is not the initial loss of funds, but the “breakdown of operations and trust during the response.” How Teams Respond Can Decide Fate Reports note that incident plans are rare and that the absence of a clear playbook hurts more than the bug itself. A quick, honest update can calm people. A slow, confused reaction makes things worse. In many cases, even after the technical flaw is fixed, the project stays damaged because users left and did not return. Some teams are rebuilt under new names. Others never regain attention. The human side of recovery matters a lot. Amador said many protocols freeze once an exploit comes to light. According to him, teams often underestimate how exposed they are and lack the operational readiness needed to handle a serious security breach. Security Problems Are Changing The attacks are not all the same. Smart contract bugs remain a big cause. But now simple human errors, like leaked keys or social tricks, are also common. Reports say that losses in recent years have grown into the billions, with one figure around $3.4 billion lost in a single year. That number shows the scale of the risk. Community Reaction Shapes Outcomes A project can be technically repaired. But the people who used it may have moved on. Communities are fragile. Some founders try to refund users or set up funds to cover losses. That can help. Other teams decide to close down the service and focus on other work. The decision is sometimes made for them when liquidity vanishes and partners cut ties. Recovery is often not just a technical task; it is a rebuild of trust and reputation. Data from Chainalysis shows the $1.4 billion Bybit hack accounted for almost half of crypto losses in 2025. Related Reading: What’s Driving The $1.42 Billion Comeback In Spot Bitcoin ETFs? Huge Damage Crypto hacks jumped sharply in 2025 as attackers hit both large platforms and private wallets. Based on reports, total losses reached $3.4 billion, the biggest annual figure since 2022. Just three breaches were responsible for nearly 70% of that damage by early December, with the $1.4 billion Bybit exploit standing out as the largest. Featured image from Unsplash, chart from TradingView
The following article is adapted from The Block’s newsletter, The Daily, which comes out on weekday afternoons.
Ledger is dealing with a new data exposure incident involving its third-party payment processor, Global-e.
On-chain security researcher ZachXBT flagged hundreds of wallets across multiple EVM chains getting drained for small amounts, typically under $2,000 per victim, funneling into a single suspicious address. The theft total climbed past $107,000 and kept rising. The root cause is still unknown, but users reported receiving a phishing email disguised as a mandatory MetaMask […]
The post Hundreds of MetaMask wallets drained: What to check before you ‘update’ appeared first on CryptoSlate.
Total losses have reached about $107,000, and ZachXBT cautioned that the figure is likely to increase as the attack unfolds.
Crypto thefts topped $2.2 billion in 2025, on par with last year’s total, as attackers exploited a range of blockchain vulnerabilities.
In addition to a rising number of “private key/seed leaks," pcaversaccio pointed to "a concerning increase in physical attacks" in 2025.
This year’s defining security event was not a sophisticated DeFi exploit or a novel protocol failure, but the $1.46 billion theft from Bybit, a top-tier centralized exchange. That single event, attributed to sophisticated state-sponsored actors, rewrote the narrative of the year. It proved that while the frequency of attacks has dropped, the severity of the […]
The post Crypto hacks dropped by half in 2025, but the data reveals a much deadlier financial threat appeared first on CryptoSlate.
The intellectual property platform on Story Protocol lost about $3.9 million after a governance exploit, with stolen funds later routed through Tornado Cash.
North Korea is constantly evolving its tactics and will continue to use crypto hacks as a main source of revenue, Chainalysis said.
The hacker, who has already bridged the $3.9 million worth of stolen tokens to other chains, will not be affected by the network's planned rollback.