Crypto Theft Swells to $370 Million in January, a Four‑Fold Increase YoY
January 2026 – The total value of cryptocurrency lost to exploits, scams and phishing attacks jumped to $370.3 million, the highest monthly total recorded in the past 11 months and nearly four times the amount stolen in the same month a year ago.
Overview
Security firms CertiK and PeckShield released their latest threat‑intelligence reports on Monday, revealing that 40 incidents involving exploits and scams were logged for January. While the number of events is comparable to previous months, the monetary impact surged dramatically, driven primarily by a single social‑engineering scheme that drained roughly $284 million from one victim’s holdings.
Phishing attacks accounted for the bulk of the losses, siphoning $311.3 million across the month. The remaining $59 million stemmed from a series of high‑profile hacks on decentralized finance (DeFi) platforms and blockchain protocols.
Key Incidents
| Platform / Target | Approx. Loss | Attack Vector |
|---|---|---|
| Unnamed victim (social‑engineering) | $284 M | Fake communications that tricked the user into authorising transfers |
| Step Finance (DeFi portfolio tracker) | $28.9 M | Compromise of treasury wallets; 261,000+ SOL tokens stolen |
| Truebit (smart‑contract protocol) | $26.4 M | Exploit of a contract flaw that allowed near‑free token minting |
| SwapNet (liquidity provider) | $13.3 M | Smart‑contract exploit on Jan 26 |
| Saga (blockchain protocol) | $7 M | Exploit on Jan 21 |
PeckShield flagged a total of 16 hacks for the month, amounting to $86 million in direct losses. Although this figure is a modest 1.4 % lower than the same period last year, it represents a 13 % rise compared with December 2025, when $117.8 million was taken.
Contextual Numbers
- January 2025: $98 million stolen – a 277 % increase to the current $370 million.
- December 2025: $117.8 million stolen – a 214 % rise to this month’s total.
- February 2025: The last time monthly theft topped $300 million, with $1.5 billion lost overall, driven mainly by the $1.4 billion Bybit hack.
These trends underline a resurgence of large‑scale thefts after a relatively quiet 2024, suggesting that attackers are shifting back to high‑value, low‑frequency targets.
Analysis
-
Social engineering resurges – The $284 million loss from a single victim illustrates the potency of human‑focused attacks. Even sophisticated users can be duped when attackers exploit trust, urgency or impersonation tactics.
-
Phishing dominates – Over 84 % of the total value taken in January came from phishing. The rise may be linked to increased use of decentralized applications (dApps) where users often interact with unfamiliar interfaces, making them more susceptible to fraudulent links and spoofed login portals.
-
DeFi remains a juicy target – Despite improvements in audit practices, protocols such as Step Finance and Truebit suffered sizeable breaches. Smart‑contract vulnerabilities, especially those allowing token minting or unchecked withdrawals, continue to be the Achilles’ heel of the ecosystem.
-
Security‑firm data diverge – CertiK’s broader “exploit and scam” figure ($370 M) includes phishing, while PeckShield’s “hacks” tally ($86 M) isolates code‑level breaches. Together they paint a comprehensive picture: a mix of human‑centric fraud and technical exploits is driving the uptick.
- Regulatory and industry response – The spike is likely to intensify calls for stricter compliance, mandatory security audits, and better user‑education programs. Platforms may also accelerate adoption of multi‑factor authentication, hardware wallet integration, and real‑time transaction monitoring.
Key Takeaways
- Four‑fold YoY increase: January 2026’s theft total is nearly four times that of January 2025, signaling an alarming reversal from the previous year’s downward trend.
- Single‑victim outsized impact: One social‑engineering scam accounted for roughly 77 % of the total loss, highlighting the high payoff of targeted attacks.
- Phishing is the primary loss vector: Over $311 million was taken through deceptive emails, messages and fraudulent sites.
- DeFi hacks still costly: Even with growing audit standards, high‑value exploits on platforms like Step Finance and Truebit collectively exceeded $55 million.
- Industry vigilance needed: Strengthening user education, enforcing rigorous smart‑contract audits, and deploying advanced threat‑detection tools are essential to curb the upward trajectory.
The figures presented are based on data released by CertiK and PeckShield. As always, readers are encouraged to verify information independently and stay updated on evolving security best practices.
Source: https://cointelegraph.com/news/crypto-stolen-370m-january-quadrupling-year-on-year-certik?utm_source=rss_feed&utm_medium=feed&utm_campaign=rss_partner_inbound
