February 2026 ended with the lowest recorded figure in monthly losses from cryptocurrency scams since March 2025 at $37.7 million, despite address poisoning scams on the rise. The cryptocurrency sector frequently suffers attacks from bad actors targeting liquidity-rich environments with social engineering and phishing tactics, but despite these sophisticated threats, February 2026 has formally ended with the lowest monthly losses to cyberattacks and exploits in nearly a year. February’s $37.7 million loss was notably less than other months as there were no big incidents to drive up the total. Top crypto exploits in February 2026 February’s $37.7 million loss was spread across several notable incidents. The largest confirmed exploit involved the SOF token, which lost $10.5 million. This was followed closely by the IoTeX bridge hack , which security analysts at Halborn and PeckShield explained involved a private key compromise of the ioTube cross-chain bridge, leading to a loss of approximately $8.9 million. The IoTeX founders initially estimated the loss to be lower, around $2 million, but on-chain data confirmed a larger theft across multiple assets, including USDC and WBTC. Also in February, Foom , Ploutos, and CrossCurve lost $2.2 million, $2.1 million and $1.4 million, respectively. Phishing incidents alone accounted for roughly $8.5 million of the monthly total. Losses are down, frequency is up In 2025, the monthly averages of cryptocurrency losses were heavily affected by massive individual incidents, such as the Bybit hack in February 2025, which saw roughly $1.5 billion in Ethereum stolen by the North Korean-linked Lazarus Group. And so in 2026, without a recorded billion-dollar loss to drive up the totals, the underlying security of the DeFi and exchange ecosystems appears more stable, even as smaller, more targeted attacks continue to plague individual users. While the total dollar amount stolen has dropped, the frequency of address poisoning is reaching record highs. Cryptopolitan recently reported that a trader lost $600,000 on February 17, 2026, after falling victim to this exact tactic. In an address poisoning attack , a scammer monitors the blockchain for active wallets. Once they find a target, they send a tiny, zero-value transaction to that wallet using a “vanity address” generated to look almost identical to one the victim has recently used. Most crypto users verify addresses by checking only the first few and last few characters. Scammers use open-source tools like Profanity to create addresses where the first and last five characters match the victim’s regular contacts. Because many wallets abbreviate the middle of an address with an ellipsis (…), the fake address looks perfect at a glance. The attacker’s goal is to “poison” the victim’s transaction history so that the next time the user goes to copy their own address or a friend’s address for a transfer, they accidentally copy the scammer’s address instead. Security firms now estimate that over one million address poisoning attempts occur every day on the Ethereum network alone. Recent upgrades to the Ethereum network, such as the Fusaka upgrade in late 2025, have lowered transaction fees, making it significantly cheaper for attackers to spam thousands of wallets with these poisoned transactions. In December 2025, another trader lost $50 million in USDT after they copied a fake address from their history just minutes after sending a successful $50 test transaction. Experts target address poisoning vectors CZ, the former CEO of Binance, recently suggested that all crypto wallets should include a feature that automatically checks if a destination address is a known “poison address” and blocks the user from sending funds to it. Other developers are exploring pre-execution risk assessments, which simulate a transaction and show the user a clear, human-readable summary of where the money is going before they send it. For the average user, experts recommend saving frequent addresses in their wallet’s built-in address book rather than copying them from transaction history. Whitelisting should be enabled on exchanges so that funds will only be sent to pre-approved addresses. Users are also encouraged to verify every single character of an address or use Ethereum Name Service (ENS) names. Claim your free seat in an exclusive crypto trading community - limited to 1,000 members.
