TL;DR:
- Crypto project hacks fell to around $26.5 million in February 2026, the lowest level recorded since March 2025.
- This figure represents a 98.2% drop compared to the $1.5 billion stolen in February 2025, stemming mainly from the Bybit hack.
- The five largest incidents, led by a $10 million exploit on YieldBlox, accounted for more than 98% of the month’s losses.
Losses from hacks in the crypto industry plummeted to $26.5 million in February 2026, spread across 15 separate incidents. The report was published by blockchain security firm PeckShield. The figure marks the lowest reading since March 2025 and a 69.2% decline compared to the $86 million stolen in January of the same year. The year-over-year comparison is even more striking when looking back at February 2025, a month in which $1.5 billion was stolen, with a record-breaking $1.4 billion attack targeting Bybit.
The five most significant hacks of the month totaled approximately $25.9 million, equivalent to more than 98% of the overall figure. The most severe was an oracle manipulation attack for $10 million against YieldBlox, a lending protocol built on the Stellar blockchain. It was followed by a breach that triggered the theft of $8.8 million from the ioTube bridge of IoTeX, while CrossCurve, FOOMCASH, and Moonwell recorded losses of $3 million, $2.3 million, and $1.8 million, respectively.
Recovering Funds From the Hackers’ Hands
Efforts to recover stolen funds from the hacks are progressing with highly uneven results. In the case of YieldBlox, Tier-1 validators on the Stellar network managed to freeze $7.2 million of the $10.2 million stolen, though the attacker ignored a bounty offer equivalent to 10% of the funds, according to a post-mortem report published on February 26 by security firm Halborn.
For its part, the IoTeX Foundation announced on the same day a 100% compensation plan for users affected by the ioTube bridge hack. The organization reported that 86% of the 410 million CIOTX minted without authorization during the attack were frozen through on-chain controls. To process the payments, the foundation will launch a claims portal with staggered payments in stablecoins or native Ethereum assets.
CrossCurve, victim of a gateway validation bypass that allowed the issuance of forged messages, issued an official notice on February 2 offering a 10% whitehat bounty in exchange for the return of the stolen funds.
