February 2026 concluded with the lowest monthly losses from cryptocurrency hacks and exploits since March 2025, totaling $37.7 million. This figure marks a significant drop from previous months, which were often inflated by billion-dollar incidents. However, this relative improvement in total value stolen masks a concerning rise in the frequency of sophisticated, low-value attacks, particularly address poisoning scams.
The month's losses were spread across several notable incidents. The largest confirmed exploit targeted the SOF token, resulting in a $10.5 million loss. This was closely followed by a hack on the IoTeX bridge, where a private key compromise of the ioTube cross-chain bridge led to the theft of approximately $8.9 million across multiple assets including USDC and WBTC. Other projects like Foom, Ploutos, and CrossCurve suffered losses ranging from $1.4 million to $2.2 million.
Phishing attacks alone accounted for roughly $8.5 million of the monthly total. Security firm CertiK reported that wallet compromises caused over $16.6 million in losses, while price manipulation schemes led to $11.4 million in damages. Code vulnerabilities and exit scams contributed another $5.1 million and $2.1 million, respectively. DeFi platforms bore the brunt, losing $14.4 million, while AI-focused projects lost nearly $8.9 million. Approximately $11.3 million of the stolen funds were recovered or frozen.
A separate but significant development involved a controversial proposal from former Mt. Gox CEO Mark Karpelès. He suggested a hard fork of the Bitcoin network to recover 79,956 BTC (valued at over $5.2 billion) locked in the infamous "1Feex" address from the 2011 hack. The proposal, which would allow Japanese courts to monitor the funds, has sparked intense debate. Critics argue it dangerously undermines Bitcoin's core principle of immutability, while proponents view it as an exceptional measure for a clear case of theft.
Despite the lower total losses, the threat landscape is evolving. Address poisoning attacks are reaching record highs, with security firms estimating over one million attempts daily on the Ethereum network alone. These scams involve sending zero-value transactions from addresses crafted to look nearly identical to a victim's trusted contacts, tricking users into sending funds to the wrong wallet. The lower transaction fees resulting from Ethereum's Fusaka upgrade in late 2025 have made it cheaper for attackers to execute these spam campaigns.
In response, industry figures like former Binance CEO CZ have suggested wallets should integrate features to automatically detect and block known poison addresses. Developers are also exploring pre-execution transaction simulations to provide users with clearer risk summaries. Experts strongly recommend that users save frequent contacts in address books, enable exchange whitelisting, verify every character of an address, or use Ethereum Name Service (ENS) domains for safer transactions.
