Crypto Losses Plummet 87% in February as Attackers Shift Focus to Human Vulnerabilities


Key takeaways:

  • The shift to social engineering attacks increases systemic risk for DeFi platforms reliant on team-managed keys, as seen in the theft of SOL from Step Finance.
  • Investors should prioritize operational security audits over pure code reviews when assessing platform risk, especially for Solana-based projects.
  • The surge in dust attacks post-Ethereum upgrade suggests low-fee environments may inadvertently amplify user-targeted scam volumes.

A new report from blockchain security firm Nominis reveals a dramatic 87% decline in total cryptocurrency losses from attacks in February, falling from $385 million in January to $49.3 million. However, this positive headline masks a concerning shift in attacker tactics: hackers are increasingly targeting human behavior and operational security rather than exploiting code vulnerabilities.

The Anatomy of February's Attacks

The majority of February's losses—over 60%—stemmed from a single attack on Step Finance, a Solana-based DeFi platform. In this incident, attackers compromised devices belonging to the project's executive team, potentially exposing private keys. This allowed them to unstake and move 261,854 SOL (worth up to $40 million) from project-owned wallets. The damage was so extensive that Step Finance was forced to shut down its core platform and affiliated projects, including SolanaFloor and Remora Markets.

Other significant incidents included a $3 million loss at cross-chain bridge protocol CrossCurve, caused by an exploit of flawed validation logic, and a $10.2 million loss at DeFi lending platform YieldBlox after a bad actor manipulated its collateral pricing logic. The month also saw numerous address poisoning scams targeting individuals, with losses ranging from $100,000 to nearly $600,000.

A Broader Pattern of Social Engineering

The Nominis study concludes that most losses now originate from compromised user accounts, misleading transactional requests, and users copying incorrect wallet addresses. This trend is further evidenced by a separate analysis showing a massive spike in "dust attacks" or address poisoning scams on the Ethereum network following its Fusaka upgrade.

Research by Wise Crypto indicates that in the 90 days after the upgrade, which reduced transaction fees, dust transfers exploded. USDT transfers under $0.01 surged by 612% (from 4.2 million to 29.9 million), while similar USDC transactions rose 473%. These campaigns flood a victim's transaction history with fake addresses that closely resemble genuine ones, hoping users will mistakenly copy them. One high-profile case in late December 2025 resulted in a single victim losing $50 million.

Security researchers note that these are industrialized scams relying on volume; one study cited by Etherscan suggests only 1 in 10,000 attempts succeeds, but a single large theft can fund thousands of failed attempts. The overarching message from security firms is clear: the ecosystem's weakest link is no longer the blockchain code, but the human behaviors and practices surrounding it.
