Crypto thefts hit $370.3M in January, driven by phishing
Cryptocurrency losses from scams and exploits climbed to $370.3 million in January, marking the highest monthly total in 11 months and a sharp increase versus prior periods. Security firm CertiK reported that this figure represents a more than 277% rise year-over-year and a 214% jump compared with December, with most of the value traced to a single successful social engineering incident.
Of the 40 exploit and scam incidents recorded in January, a single victim reportedly lost roughly $284 million after falling prey to an elaborate social engineering attack. Overall, phishing and related social-engineering scams were the dominant attack vectors in January, accounting for $311.3 million of the total stolen funds.
Context: biggest monthly losses since early 2025
January’s total is the largest monthly loss since February 2025, when attackers claimed roughly $1.5 billion—largely due to a $1.4 billion breach tied to exchange infrastructure. The latest surge underscores that phishing and account-takeover strategies remain highly effective against both institutional and retail crypto holders.

Major January exploits: Step Finance and Truebit among top losses
Independent security monitor PeckShield identified the Step Finance breach as January’s largest hack. Attackers gained control of several treasury wallets, extracting about $28.9 million and withdrawing more than 261,000 SOL from affected Solana-based holdings.
Source: PeckShieldAlert
Other notable incidents
Security firms also flagged a January 8 smart contract vulnerability in the Truebit protocol that enabled an attacker to mint tokens at near-zero cost, resulting in approximately $26.4 million in losses and a sharp collapse in the Truebit (TRU) token price. Additional notable exploits included a $13.3 million loss at liquidity provider SwapNet on Jan. 26 and a $7 million exploit targeting the Saga protocol on Jan. 21.
PeckShield recorded 16 confirmed hacks totaling $86.01 million in January—slightly down year-over-year but higher than December—illustrating that while standalone smart contract attacks remain costly, phishing and social-engineering scams have produced the largest single-event losses this month.
Security outlook and best practices for crypto users
These incidents highlight persistent risks in the crypto ecosystem: phishing, social engineering, poorly secured private keys, and exploitable smart contracts. To reduce exposure, experts recommend hardware wallets, multi-signature custody for treasuries, rigorous code audits, phishing-resistant account recovery processes, and strict operational security policies for teams managing large token holdings.
As losses escalate, exchanges, DeFi platforms, and users must prioritize layered security and real-time monitoring to mitigate the increasingly sophisticated tactics used by attackers.
Source: cointelegraph