Crypto Losses Fall 87% in February as Attackers Shift from Protocols to People

Total crypto losses from attacks fell 87% in February to $49.3 million, according to blockchain security firm Nominis, after January’s roughly $385 million. The drop reflects fewer large protocol-level exploits, but attackers increasingly targeted people and operational weaknesses. The largest incident was the Solana-based Step Finance compromise: a single compromised executive device led to the theft of 261,854 SOL (≈$27–40m), forcing Step to suspend core services and accounting for over 60% of February’s losses. Other technical exploits still occurred — YieldBlox lost about $10.2m via oracle manipulation and CrossCurve lost roughly $3m through flawed Axelar message validation; IoTeX also reported a cross-chain minting/validation issue. Social-engineering attacks surged, with address-poisoning (sending look-alike addresses), malicious token approval scams (tricking users into increaseAllowance-like approvals), phishing, and exposed seed phrases costing users hundreds of thousands of dollars. Law enforcement activity rose: U.S. authorities seized funds linked to pig-butchering fraud (reported sums vary) and a new Scam Center Strike Force has frozen hundreds of millions in stolen crypto. Nominis concludes the main risk vector has shifted from exploitable protocol code to compromised accounts, team devices, and operational errors. For traders, key takeaways are heightened counterparty and custody risk — prioritize hardware wallets, multisig and rigorous key custody, verify addresses and transaction approvals, limit private-key/device exposure, and watch projects with admin keys or oracle dependencies for operational vulnerability.