Authorities disrupted more than 120 cryptocurrency fraud domains, cutting off key infrastructure used to target victims.
Coinbase is directing some Commerce users to a seed-phrase recovery flow ahead of a March 31 migration deadline. The issue sits inside Coinbase’s shutdown plan for legacy Commerce wallets. In its transition guide, Coinbase says users with funds in a Commerce wallet must withdraw them before March 31, 2026, when the Commerce portal and withdrawal […]
The post Coinbase instructs users to follow the same ‘foolish’ steps scammers use to withdraw funds from wallets appeared first on CryptoSlate.
The U.S. Secret Service is participating in a multinational operation targeting crypto approval-phishing scams.
International law enforcement effort targets approval-phishing schemes tied to crypto investment fraud.
Bybit blocked more than $300 million in unauthorized withdrawals during the final quarter of last year — a figure that puts February’s total crypto theft losses in sharp relief. Related Reading: Bitcoin Crosses 20 Million Coins Mined — And Only 1 In 20 Remains According to security firm Nominis, close to $50 million was stolen across the entire crypto industry last month, a fraction of what Bybit alone says it turned away in just three months. Attackers Home In On Human Error The drop from January’s $385 million in losses might look like progress, but security researchers say the more significant story is where the attacks are coming from. Social engineering — scams that trick people into handing over access — caused more cumulative damage in February than traditional software exploits did. Phishing campaigns climbed sharply during the month, with criminals sending fraudulent messages designed to get users to click malicious links or sign transactions they shouldn’t. The most common method was authorization abuse. Victims were manipulated into granting wallet permissions without realizing what they’d approved. Once those permissions were in place, attackers could move funds out freely. Private individuals bore the brunt of these attacks, not exchanges or large protocols. One Breach Drove Most Of The Damage A single incident accounted for most of February’s losses. Step Finance, a portfolio analytics platform built on Solana, was drained of approximately $30 million. Strip that one event out, and February would have been remarkably quiet by recent standards. The broader numbers back that up. Blockchain security company PeckShield put February losses at $26.5 million — the lowest monthly figure since March 2025. PeckShield credited stronger risk controls and better security practices across the industry for part of the decline. Big Losses Still Loom Over The Industry Even with a quieter month on the books, the industry’s annual toll remains staggering. Data from Chainalysis shows crypto hacks cost the industry $3.4 billion last year. That figure underscores how much ground still needs to be covered before theft can be called a contained problem. Related Reading: Bitcoin ETFs Break 5-Month Streak With 2nd Consecutive Week Of Inflows Bybit’s own numbers offer a window into how much active work that requires. The exchange said its fraud systems flagged roughly 350 high-risk addresses and stopped around 8,000 users from falling into potential scams — all in a single quarter. Reports indicate that while large-scale protocol attacks appear to be easing, the rise in scams targeting everyday users signals that criminals are simply redirecting their efforts. Better smart contract audits and stronger on-chain monitoring may be closing one door. But as long as people can be deceived into approving the wrong transaction, another door stays open. Featured image from Trillium Mutual Insurance, chart from TradingView
February was unusually quiet for crypto thieves. After months of eye-watering losses, the industry recorded just $26.5 million in total hack and scam-related damages last month — the smallest monthly figure in 11 months, according to blockchain security firm PeckShield. Related Reading: Bitcoin In The Line Of Fire: Price Dips To $63k As US, Israel Launch Strikes On Iran It’s a number that stands in sharp contrast to the carnage seen in early 2025, when a single breach wiped out $1.5 billion from crypto exchange Bybit. 2 Attacks Did Most Of The Damage Out of 15 recorded incidents in February, two attacks were behind much of the losses. The bigger of the two hit YieldBlox, a DAO-managed lending pool, on Feb. 21. Attackers manipulated token prices to drain $10 million from the protocol. That same day, decentralized identity platform IoTeX was also struck — clos to $9 million was taken through a private key exploit. Together, those two incidents alone made up over 70% of the month’s total losses. Compared to January, the drop is hard to ignore. Reports from PeckShield show that February’s $26.5 million total represents a 69% decline from the $86 million recorded just a month earlier. #PeckShieldAlert In Feb. 2026, the crypto space saw 15 main hacks totaling $26.5M, representing a 98.2% YoY decrease compared to Feb. 2025 ($1.5B, including the $1.4B #Bybit drain) and a notable 69.2% MoM decrease from Jan. 2026 ($86.01M in losses).#Top5 Hacks :… pic.twitter.com/Svp7SZWp5w — PeckShieldAlert (@PeckShieldAlert) March 1, 2026 Part of the explanation, according to a PeckShield spokesperson, is simply the absence of a headline-grabbing, billion-dollar breach. When no single attack dominates the numbers, the totals look far more manageable. Market conditions also played a role. Bitcoin dipped below $70,000 in early February, triggering a broad market correction that appeared to shift the focus away from protocol attacks. During turbulent stretches, traders and institutions are preoccupied with managing losses and moving liquidity. That kind of environment, reports suggest, tends to suppress exploit activity rather than encourage it. Crypto Security Standards Are Getting Stricter The improvement may not be entirely down to luck or timing. Analysts say that tighter risk controls, stronger vetting of counterparties, and better real-time monitoring across major platforms have all contributed to a more secure environment. Artificial intelligence is being credited as a rising force in the fight against vulnerabilities. Automated code checks, anomaly detection tools, and pre-deployment attack simulations are catching problems earlier — before they can be exploited. Experts say that if security standards keep pace with the rate of innovation, losses could continue to shrink through the rest of the year. Phishing Stays A Stubborn Threat Not everything is trending in the right direction. Phishing attacks — where criminals pose as trusted contacts or platforms to steal login credentials and private keys — remain a serious and ongoing problem. Related Reading: Say What You Want — XRP’s Chart Is Screaming $50 — Analyst Losses tied to wallet-draining phishing schemes fell sharply in 2025, dropping from $494 million down to $83 million. But the threat has not disappeared. According to PeckShield, bad actors are increasingly shifting their attention away from targeting code and toward targeting people. Tricking a user into handing over access is often easier than cracking a well-audited smart contract. The firm urged both institutions and large holders to rely on multi-signature cold storage solutions and to treat private key security as non-negotiable. Featured image from Unsplash, chart from TradingView
Crypto phishing losses plunged in 2025, but experts warn the threat has only changed shape rather than disappeared. Reports show a sharp fall in money stolen by wallet-draining scams, even as attackers tested new tricks tied to recent protocol changes. Related Reading: Bitcoin Dominance Grows As Altcoins Post Another Losing Year: Analyst Scam Sniffer Data Shows Drop According to Scam Sniffer’s 2025 analysis, wallet drainer phishing losses fell to about $83.85 million — an 83% decline from roughly $494 million in 2024. The number of affected wallets dropped to around 106,000, a fall of about 68% year-on-year. These figures come from the security platform’s annual study and were picked up by major crypto outlets. Attackers Shift, Not Stop Only 11 incidents topped $1 million in 2025, down from 30 the prior year, signaling fewer headline grabs but a rise in smaller hits. The largest single theft recorded last year was roughly $6.5 million, tied to a malicious Permit signature attack. Average losses per victim fell to roughly $790, which suggests attackers moved toward more frequent, lower-value strikes. Market Moves Mattered Losses followed market activity. The third quarter logged the highest damage at about $31 million, when Ethereum’s rally brought more users and approvals onchain. Monthly peaks included August, which posted about $12.17 million, while December was the quietest with roughly $2 million. That pattern shows fraudsters target busy trading windows. 1/ Ever woken up to an empty crypto wallet? With scammers draining $107K+ across EVM chains JUST THIS WEEK (per @zachxbt), it’s scarier than ever! Shoutout to @realscamsniffer for their 2025 report – losses down 83%, but threats are evolving FAST. Let’s recap & warn on 2026… https://t.co/uSerpsg80d — JP (@rugpullfinder) January 3, 2026 Permit Signatures And New Vectors Reports highlighted Permit and Permit2 signature abuses as a major driver of big losses, accounting for a large share of multi-million cases. Scam Sniffer also flagged EIP-7702 batch signature techniques that were used in a few complex attacks after network upgrades. Security teams say these methods exploit user approval flows rather than raw smart-contract bugs. Why The Drop Happened Analysts attribute much of the improvement to better wallet warnings, wider use of approval revocation tools, and more active tracking by onchain monitors. Some defenders also point to reduced market froth in parts of the year, which lowered the pool of high-value targets. Still, multiple outlets stress that reduced totals do not equal safety. Related Reading: A Maduro Bet, A Market Alarm: US Lawmaker Targets Trading Abuses Based on reports, phishing will likely remain cyclical: losses could spike again during big rallies or when new signing features are introduced. Security firms urge users to check approvals, avoid blind signing, and use wallet tools that flag risky requests. Regulators and exchanges are watching the trend, but responsibility for many attacks still falls to individual users and wallet software. Featured image from Unsplash, chart from TradingView
This year’s defining security event was not a sophisticated DeFi exploit or a novel protocol failure, but the $1.46 billion theft from Bybit, a top-tier centralized exchange. That single event, attributed to sophisticated state-sponsored actors, rewrote the narrative of the year. It proved that while the frequency of attacks has dropped, the severity of the […]
The post Crypto hacks dropped by half in 2025, but the data reveals a much deadlier financial threat appeared first on CryptoSlate.
The defendant reportedly told friends he lost $6 million gambling on crypto, and went by "@lolimfeelingevil" on Telegram.
Security issues like data breaches and phishing attacks are a type of feedback for Web3 designers, argues Tools for Humanity’s Adrian Ludwig.
The hacker who drained UXLINK in a high-profile exploit has ironically become a victim of crypto crime himself. On Sept. 23, blockchain security platform Scam Sniffer reported that the attacker lost roughly 542 million UXLINK tokens, valued at more than $50 million, to a phishing scheme executed by another bad actor. SlowMist co-founder Yu Xian […]
The post Crypto hacker falls victim to own scam losing $50 million to Inferno Drainer’s phishing attack appeared first on CryptoSlate.
An unidentified crypto investor has lost over $3 million in a highly coordinated phishing attack after unknowingly authorizing a malicious contract. On Sept. 11, blockchain investigator ZachXBT first flagged the incident, revealing that the victim’s wallet was drained of $3.047 million in USDC. The attacker quickly swapped the stablecoins for Ethereum and funneled the proceeds […]
The post New ‘sophisticated’ phishing exploit drains $3M in USDC from multi-sig wallet appeared first on CryptoSlate.
Around 80% of the top 10 largest holders of World Liberty Financial’s WLFI token took profits within a day of the asset’s launch. On Sept. 2, pseudonymous blockchain analyst Aixpta reported that eight of the top ten WLFI holders had either partially or fully sold their positions. According to the analysis, only the second and […]
The post 80% of top WLFI holders cash out within hours as phishing threats loom appeared first on CryptoSlate.
Venus Protocol temporarily suspended its platform on Sept. 2 after a user lost tens of millions of dollars in a targeted phishing incident. The pause followed reports from blockchain security firm Cyvers, which flagged a suspicious transaction draining nearly $27 million from a single wallet. According to reports, the stolen assets included $19.8 million in […]
The post Venus Protocol suspends platform after phishing scam drains $27 million, XVS falls 6% appeared first on CryptoSlate.
Welcome to Slate Sundays, CryptoSlate’s new weekly feature showcasing in-depth interviews, expert analysis, and thought-provoking op-eds that go beyond the headlines to explore the ideas and voices shaping the future of crypto. Crypto crime is on the rise. From the first epic hack of mighty Mt. Gox to the intricate OneCoin scam orchestrated by nefarious Bulgarian […]
The post The many faces of crypto crime and the relentless cat-and-mouse chase appeared first on CryptoSlate.
Fake CTG token pop-ups appeared on the crypto news website urging users to connect wallets.
A crypto trader lost over $2.5 million worth of Tether (USDT) after falling for the same scam twice within hours. On May 26, blockchain security firm Scam Sniffer reported that the first error occurred when the trader copied a manipulated wallet address from their transaction history. This resulted in a transfer of $843,000 to the […]
The post Crypto trader loses $2.5 million USDT after falling for address poisoning scam twice appeared first on CryptoSlate.
Phishing scams targeting crypto users have become more advanced, with attackers abusing Google’s infrastructure to conduct highly convincing attacks. On April 16, Nick Johnson, the founder and lead developer of Ethereum Name Service (ENS), raised concerns over a fresh method cybercriminals use to compromise Gmail accounts and potentially target associated crypto wallets. How phishing attackers […]
The post Phishing scammers now exploiting Google’s infrastructure to target crypto users appeared first on CryptoSlate.
ZkLend, a decentralized lending protocol built on Starknet, has confirmed that the hacker responsible for its February exploit lost a significant portion of the stolen funds to a phishing scam. In an April 1 post on X, ZkLend revealed that the attacker tried to launder 2,930 ETH, worth around $5.4 million, through crypto mixer Tornado […]
The post Hacker falls victim to phishing scam after exploiting ZkLend for millions appeared first on CryptoSlate.
On March 13, hackers seemingly took control of DB, a well-known crypto news platform, using its X account to spread false information about Donald Trump’s TRUMP memecoin and a fabricated BlackRock ETF filing for Hyperliquid. The misleading posts had an immediate impact. TRUMP’s price surged by 20% before quickly collapsing, while the fake ETF news […]
The post DB news X account hack leads to 20% Trump memecoin pump and dump appeared first on CryptoSlate.
Phishing-related crypto losses fell for the third consecutive month in February, with 7,442 victims losing $5.32 million, according to data from Scam Sniffer. The security firm reported that this represents a significant 48% decline from January’s $10.25 million and December 2024’s $23.58 million. The blockchain firm pointed out that the downward trend suggests that crypto […]
The post Phishing losses drop 48% to $5.32 million in February as crypto users grow more vigilant appeared first on CryptoSlate.
Blockchain security firm Scam Sniffer reported that crypto phishing scams drained $10.25 million from 9,220 victims in January, marking a 56% decline from December’s $23.58 million in losses. However, the report notes that the bad actors have been evolving and implementing more sophisticated attack methods. Ethereum users targeted According to Scam Sniffer, Ethereum users were […]
The post Crypto phishing scams drained $10.25 million in January appeared first on CryptoSlate.
Blockchain security firm Scam Sniffer warned that crypto investors are facing a surge in malware scams on social media platform Telegram compared to the traditional phishing methods. While phishing still causes substantial losses—estimated at nearly half a billion dollars in 2024—its growth has plateaued. In contrast, Scam Sniffers reported that Telegram malware scams represent a […]
The post Telegram malware scams spike 2,000% as crypto investors face new threat appeared first on CryptoSlate.
23pds, the pseudonymous Chief Information Security Officer (CISO) at blockchain security firm SlowMist, has raised concerns about potential phishing attacks targeting more than seven million OpenSea users whose emails were leaked in a June 2022 breach. 23pds stated: “Remember the attack on the OpenSea mail service provider in 202[2] that led to the leakage of […]
The post Crypto industry alarmed as 7 million OpenSea email users’ leak resurfaces appeared first on CryptoSlate.
Crimeware-as-a-service fuels cybercrime in crypto. Explore its impact, tactics used and key steps to safeguard your wallets and transactions.
According to cybersecurity firm CertiK, the number of crypto hacks and exploits rose to 303 incidents in 2024, up from 282 in 2023.
The security incidents occurred days after a researcher discovered a critical bug in a Virtuals Protocol audited contract, which was fixed.
Cointelegraph obtained data set samples packed with sensitive information of crypto conference attendees that could be a treasure trove for scammers.
Scammers are spoofing the support email for hardware wallet maker Ledger, prompting users to share their seed phrases under the pretense of checking for a compromise.
Hardware wallet provider Ledger has linked a recent loss of funds by one of its users to a phishing attack in February 2022.