CertiK: $370M+ lost in January as phishing and ‘wrench attacks’ surge
Security firm CertiK reported more than $370 million in crypto losses from exploits, hacks and scams in January 2026, later updated to over $398 million across 42 incidents. Phishing and social‑engineering attacks accounted for roughly $311 million of the total, with about $284 million tied to a single large phishing/social‑engineering scam. January 2026 losses were nearly four times January 2025 levels and rose sharply from December 2025. Major incidents included the theft of ~261,854 SOL (around $27–28M) from Step Finance treasury wallets and a Truebit exploit that abused an integer‑overflow vulnerability to mint tokens, causing about $26–26.6M in damage and a sharp drop in TRU. CertiK’s Skynet report also flagged a 75% year‑on‑year rise in “wrench attacks” (physical coercion such as kidnapping, assaults and home invasions) in 2025, with 72 verified incidents and confirmed losses above $40.9M; Europe accounted for about 40% of those incidents, with France most affected. CertiK warns the real toll is likely higher due to under‑reporting and silent settlements and notes growing use of AI by scammers. For traders: expect heightened short‑term volatility in affected tokens (notably SOL and TRU), larger market sensitivity to security disclosures, and increased scrutiny of custody and on‑chain risk. Primary keywords: crypto scams, phishing, social engineering, wrench attacks, DeFi exploits, Step Finance, Truebit, CertiK.
Bearish
The incidents reported — large phishing/social‑engineering losses and high‑value exploits — directly increase downside pressure on the affected tokens, particularly SOL (Step Finance theft) and TRU (Truebit exploit). Immediate effects: heightened selling by victims, wider risk premia on tokens tied to compromised projects, and short‑term liquidity squeezes that can amplify price swings. Market participants typically react to security breaches with rapid de‑risking: exchanges may delist or pause deposits/withdrawals for exposed tokens, and market makers widen spreads, reducing depth and increasing volatility. Medium term: if projects remediate quickly, restore reserves, or offer clear recovery paths, prices can stabilise; persistent uncertainty, ongoing thefts, or evidence of governance/contract failures will suppress demand and keep valuations lower. The added dimension of rising physical “wrench attacks” and AI‑enhanced scams increases systemic risk perception across DeFi, likely raising the market’s overall security premium and dampening investor appetite for higher‑risk or poorly audited tokens. For traders, the most likely outcome is continued downside pressure on the directly affected assets, with elevated short‑term volatility and a longer‑term discount for tokens with demonstrable security weaknesses.