Report: Crypto Losses Drop 87% as Attacks Shift to People

February Losses Show Sharp Drop, Yet Threats Evolve

The latest security briefing from blockchain risk firm Nominis shows February delivered a dramatic 87% decline in total crypto losses, tumbling from $385 million in January to $49.3 million in February. The decline marks the lowest monthly tally in many markets this year, suggesting stronger protocol safeguards and improved incident response across major DeFi platforms.

Still, analysts caution that the headline figure masks a shift in attacker playbooks. A new report: crypto losses drop highlights a growing emphasis on social engineering and user-targeted fraud rather than purely on exploiting smart contract flaws. In other words, hackers are chasing people, not just code, as the primary vector of crime in crypto markets today.

“The numbers look better on the surface, but the threat landscape is shifting,” said a senior analyst at Nominis. “We’re seeing more incidents that rely on compromised devices, misleading prompts, and maligned approvals than on edge-case bugs in contracts.”

How February’s Losses Unfolded

February’s total losses were driven by a handful of events, with one single incident accounting for the majority of the damage. The following bullets summarize the most consequential lines in the February ledger:

• Step Finance hack: The majority of February’s losses originated from a breach that targeted devices used by the project’s leadership. Hackers reportedly exfiltrated private keys or captured transaction approvals, then unstaked and moved 261,854 SOL — valued at as much as $40 million — from Step Finance wallets. The fallout was severe enough to suspend the core platform and related projects such as SolanaFloor and Remora Markets.
• CrossCurve breach: A separate cross-chain incident drained about $3 million due to flawed validation logic in a bridge contract processing messages from the Axelar network.

Beyond these two large events, smaller but meaningful losses emerged from multiple fronts, including a DeFi lender and a pair of cross-chain components. In total, February’s figures captured a mix of protocol-level exploits and opportunistic theft that illustrate the dynamic risk environment in DeFi and crypto infrastructure.

Attackers Targeting People, Not Just Code

A striking thread in February’s activity is the rise of social engineering and address-poisoning scams. Rather than solely chasing smart contract bugs, criminals increasingly manipulate users into approving transactions or divulging keys. In several cases, attackers infected wallets or persuaded victims to sign malicious token-approval prompts, enabling unauthorized access and funds drainage.

• Address poisoning scams mapped across dozens of wallets with losses ranging from $100,000 to nearly $600,000 per event. The method relies on convincing targets to accept or approve fraudulent transfers.
• Malicious approvals persisted as a frequent tactic, with users unknowingly granting permission for criminals to move assets on their behalf.

Industry observers say the shift toward user-targeted scams aligns with broader security realities: as code audits and bug fixes tighten up, adversaries adapt by exploiting human factors, wallet tools, and social prompts. The sentiment is echoed in the line of thought captured by the phrase report: crypto losses drop, which many analysts cite as evidence that the risk frontier is now increasingly social as much as technical.

Case Studies From February

Step Finance stands out as a cautionary tale about the human vector of risk. While on-chain data shows the loss event culminated in a large asset drain, the underlying breach is believed to reflect compromised devices that allowed attackers to push improper approvals or signed transactions. The knock-on effect was a platform shutdown that rippled through the Solana DeFi ecosystem, affecting related projects and liquidity channels.

In other notable incidents, YieldBlox faced a collateral pricing manipulation that permitted higher borrowing capacity than allowed, resulting in about $10.2 million in losses. CrossCurve’s $3 million hit underscores the persistent hazards in cross-chain messaging and bridge logic, which remain a focal point for security reviews across Layer 1 and Layer 2 ecosystems.

Market Context: Why February Was Not a Free Pass

Despite the strong February showing, several factors remind investors that risk remains. Crypto markets have cooled since the late-2023 surge, with liquidity ebbing and risk-off sentiment prevailing in several corners of the space. Exchanges and DeFi protocols have stepped up security drills, multi-sig governance, and real-time risk monitoring, yet attackers continue to exploit the weakest link: users who rush to transact without verifying prompts.

From a risk-management perspective, February’s data should sharpen due diligence around wallet hygiene, multi-factor authentication (MFA) adoption, and prompt response workflows. If the risk landscape continues to tilt toward social manipulation, platform operators may push for more stringent transaction approvals, time-delays, and user education campaigns that emphasize the danger of fake prompts and suspicious token allowances.

What This Means for Investors and Developers

• Security remains a moving target. The sharp decline in overall losses does not indicate a end to risk, but rather a shift in attack methods. Investors should prioritize end-user security training and platform-level controls that detect unusual approval activity.
• DeFi risk management evolves. Protocols may adopt stricter access controls, faster incident response cycles, and improved key-management practices to reduce the likelihood of executive-device compromise.
• Education matters as much as audits. With social-engineering techniques on the rise, clear warning prompts, interactive security drills, and user-centric security design become essential components of a healthy crypto ecosystem.

For traders and investors, the February results underscore a practical takeaway: even as losses shrink, the risk-reward calculus depends on preventing user errors and ensuring robust wallet security. The phrase report: crypto losses drop has entered the industry lexicon as a shorthand for progress on code security, but the evolving threat landscape argues for a broader, more persistent focus on people-driven risk.

Looking Ahead: March and Beyond

Analysts expect February’s momentum to influence March risk assessments, with more emphasis on human factors and behavioral analytics. Security teams are likely to double down on phishing simulations, suspicious-approval monitoring, and cross-chain vetting to prevent a repeat of the big-ticket February losses.

As the ecosystem advances, regulators and industry groups may also push for standardized reporting on social-engineering incidents and clearer disclosures around wallet-safety practices. In the meantime, the data suggests a cautious path forward: fewer dollars lost, but a higher share of incidents tied to how people interact with crypto platforms.

Bottom Line

February’s 87% drop in crypto losses signals progress on protocol security and incident response, yet the rise of people-targeted attacks marks a new chapter in crypto risk. The ongoing evolution of attacker methods will test platforms, users, and policymakers alike as markets head into spring trading seasons and potential volatility.