Crypto related losses dropped to 49 million dollars in February, but attackers are increasingly relying on phishing and user manipulation, according to blockchain security firm Nominis.
The firm’s report revealed that total losses from cryptocurrency attacks declined sharply by 87 percent. The figure dropped from 385 million dollars in January to 49.3 million dollars in February.
Although the significant reduction in stolen funds suggests stronger protocol security, Nominis explained that a deeper look at February’s incidents indicates a shift in attacker strategy. Instead of exploiting weaknesses in smart contract code, criminals are increasingly targeting the people who use these systems.
Breakdown of February’s Crypto Attacks
According to the report, a major incident involving Step Finance, a decentralized finance platform built on the Solana network, accounted for more than 60 percent of the total losses recorded in February.
Attackers reportedly compromised devices belonging to members of the project’s executive team. This breach may have exposed private keys or enabled unauthorized transaction approvals. Following the breach, the attackers unstaked and transferred 261,854 SOL, valued at as much as 40 million dollars, from wallets controlled by the project.
The incident had severe consequences for the platform. Step Finance was forced to shut down its main platform along with related projects including SolanaFloor and Remora Markets.
Other losses came from several separate attacks. CrossCurve, a cross chain protocol bridge, lost around 3 million dollars after an attacker exploited faulty validation logic in a contract that processes incoming messages from the Axelar network.
In another case, YieldBlox, a decentralized finance lending platform, suffered losses of approximately 10.2 million dollars. The attacker manipulated the platform’s collateral pricing mechanism, allowing them to borrow more funds than the system normally permitted.
Several address poisoning scams also targeted individual users. Victims lost amounts ranging from about 100,000 dollars to nearly 600,000 dollars. Some users also had funds drained after unknowingly approving malicious token transactions. In these situations, fake prompts trick victims into granting criminals permission to withdraw funds from their wallets.
A Growing Trend in Crypto Security Threats
Beyond direct attacks, investigators and authorities uncovered several other developments during February. For example, SlowMist released a detailed analysis of a phishing campaign that targeted administrators of cryptocurrency projects.
In this campaign, attackers created counterfeit versions of legitimate token vesting tools in order to trick project operators into granting them access to smart contracts.
Authorities in South Korea are also investigating an incident where a wallet seed phrase was accidentally revealed in a publicly shared photograph. Attackers used the information to reconstruct the wallet and steal nearly 5 million dollars worth of cryptocurrency.
From an enforcement perspective, the United States Department of Justice announced that it had seized more than 61 million dollars in cryptocurrency linked to a pig butchering investment fraud scheme. Investigators traced the funds through blockchain analysis and successfully obtained legal forfeiture of the assets.
Based on the events of February, the report concluded that most crypto losses are no longer driven by unknown vulnerabilities in underlying code. Instead, they are primarily caused by compromised user accounts, deceptive transaction requests, and users copying incorrect wallet addresses. According to Nominis, the weakest points in the cryptocurrency ecosystem are not the blockchains themselves but the human behavior and operational practices surrounding them.#crypto#cryptonews https://t.me/coinsignalpublic https://coinsignals.net
