TL;DR:
- Crypto project hacks fell to around $26.5 million in February 2026, the lowest level recorded since March 2025.
- This figure represents a 98.2% drop compared to the $1.5 billion stolen in February 2025, stemming mainly from the Bybit hack.
- The five largest incidents, led by a $10 million exploit on YieldBlox, accounted for more than 98% of the month’s losses.
Losses fromĀ hacksĀ in the crypto industry plummeted to $26.5 million in February 2026, spread acrossĀ 15 separate incidents. The report was published by blockchain security firmĀ PeckShield. The figure marks the lowest reading since March 2025 andĀ a 69.2% decline compared to the $86 million stolen in January of the same year. The year-over-year comparison is even more striking when looking back at February 2025, a month in which $1.5 billion was stolen, with a record-breaking $1.4 billion attack targeting Bybit.
The five most significant hacks of the month totaled approximatelyĀ $25.9 million, equivalent to more than 98% of the overall figure. The most severe was anĀ oracle manipulation attack for $10 million againstĀ YieldBlox, a lending protocol built on theĀ StellarĀ blockchain. It was followed by a breach that triggered the theft ofĀ $8.8 millionĀ from theĀ ioTubeĀ bridge ofĀ IoTeX, whileĀ CrossCurve, FOOMCASH, and MoonwellĀ recorded losses of $3 million, $2.3 million, and $1.8 million, respectively.
Recovering Funds From the Hackers’ Hands
Efforts to recover stolen funds from the hacks are progressing with highly uneven results. In the case of YieldBlox,Ā Tier-1 validators on the Stellar network managed to freeze $7.2 million of the $10.2 million stolen, though the attacker ignored a bounty offer equivalent to 10% of the funds, according to a post-mortem report published on February 26 by security firm Halborn.
For its part, theĀ IoTeX FoundationĀ announced on the same day a 100% compensation plan for users affectedĀ by the ioTube bridge hack. The organization reported thatĀ 86% of the 410 million CIOTXĀ minted without authorization during the attackĀ were frozenĀ through on-chain controls. To process the payments, the foundationĀ will launch a claims portal with staggered payments in stablecoins or nativeĀ EthereumĀ assets.
CrossCurve, victim of a gateway validation bypass that allowed the issuance of forged messages, issued an official notice on February 2Ā offering a 10% whitehat bounty in exchange for the return of the stolen funds.
