Overview
- NOMINIS tallied roughly $49.3 million in February losses, an 87% drop from January’s $385 million, while PeckShield estimated $26.5 million, the lowest since March 2025.
- A breach tied to Step Finance on Solana accounted for most losses as about 261,854 SOL worth roughly $27–30 million was drained after executive devices were compromised, prompting a suspension of core services.
- Attackers increasingly relied on social engineering, with users tricked into signing malicious approvals such as “increaseAllowance” and falling for address-poisoning schemes.
- Technical exploits persisted but were fewer, including a ~$10.2 million oracle manipulation at YieldBlox and cross-chain validation issues affecting CrossCurve and IoTeX.
- Defensive measures gained traction as Bybit reported blocking over $300 million in unauthorized withdrawals in Q4 and flagging about 350 high-risk addresses, while U.S. actions included a $6.1 million seizure and a Scam Center Strike Force freeze exceeding $580 million.