Why Did Crypto Losses Spike Last Month?
Cryptocurrency losses linked to exploits and scams climbed to $370.3 million in January, marking the highest monthly total in 11 months and a sharp rise compared with the start of last year. Data released by crypto security firm CertiK shows the figure was almost four times higher than the $98 million stolen in January 2025.
The surge was driven largely by a single incident. Out of 40 exploit and scam events recorded during the month, one victim accounted for roughly $284 million of the total after falling prey to a social engineering scam. That concentration skewed the overall numbers, but still highlights how high-value targets remain vulnerable to non-technical attacks.
Phishing was the dominant attack vector in January. CertiK said phishing scams alone were responsible for $311.3 million of the total stolen, reinforcing concerns that user-facing attacks are outpacing smart contract exploits as the primary source of crypto losses.
Investor Takeaway
How Does January Compare With Recent Months?
January’s total represents the largest monthly loss since February 2025, when attackers stole roughly $1.5 billion. That earlier figure was heavily influenced by the $1.4 billion breach of the Bybit exchange, which remains one of the largest hacks in the sector’s history.
While January did not see a single exploit on that scale, the aggregate losses still rose sharply. CertiK said the $370.3 million total marked a 214% increase from December, when crypto theft reached $117.8 million. On a year-over-year basis, the jump was even steeper, at more than 277%.
The data suggests that losses are not following a smooth trend but remain sensitive to isolated, high-impact events. A single successful attack can dramatically alter monthly totals, complicating efforts to assess whether underlying security conditions are improving or deteriorating.
Which Hacks Stood Out Beyond Phishing?
Alongside scams, several protocol-level attacks contributed to January’s losses. Security firm PeckShield said the largest hack during the month targeted Step Finance, a decentralized finance portfolio tracker. Attackers compromised multiple treasury wallets, stealing about $28.9 million, including more than 261,000 SOL.
The second-largest exploit involved the Truebit protocol. On Jan. 8, an attacker exploited a flaw in a smart contract that allowed tokens to be minted at near-zero cost. The incident resulted in losses of around $26.4 million and triggered a sharp drop in the price of the TRU token.
PeckShield also flagged a $13.3 million hack on liquidity provider SwapNet on Jan. 26 and a $7 million exploit affecting the Saga blockchain protocol on Jan. 21. While smaller than the largest incidents, these attacks added to a steady stream of losses across the decentralized finance sector.
Investor Takeaway
What Do the Numbers Say About Hack Activity?
PeckShield recorded 16 hacking incidents in January, with combined losses of $86.01 million. That total was slightly lower than the same period a year earlier, down 1.42%, but still represented a rise of more than 13% compared with December.
The contrast between CertiK’s overall theft figures and PeckShield’s hack-specific data highlights an important divide. While the number and size of protocol hacks have not risen dramatically year over year, scam-related losses have expanded much faster, driven by phishing and social engineering.
This shift places more responsibility on users, custodians, and wallet providers, rather than solely on developers. It also complicates risk assessment for investors, since scam exposure is harder to measure through code reviews or on-chain metrics alone.
What Comes Next for Crypto Security?
January’s figures suggest that improvements in smart contract security have not eliminated large losses from the ecosystem. Instead, attackers are increasingly exploiting trust, access, and user behavior, often with fewer technical barriers. Unless defenses against social engineering improve, monthly theft totals are likely to remain volatile.
