02-06-2026 
|
Getting your Trinity Audio player ready...
|
Over $370 million worth of digital assets was stolen through exploits and scams in January, more than three times the number stolen in the same period last year and the highest monthly figure in 11 months, according to new data by digital asset security company CertiK.
Paired with another of the firm’s recent reports on so-called “wrench attacks,” which showed a 75% year-on-year rise, the stats appear to show a boom time for crypto-criminals and worrying for the digital asset sector’s public image.
Bad January for crypto losses
CertiK, founded in 2018 by professors from Yale University and Columbia University and describes itself as “a pioneer in blockchain security,” posted on X that, combining all the incidents in January, it confirmed around $370.3 million lost to 40 exploits. This number has since been updated to over $398 million from 42 exploits. Of this total, around $311.3 million was attributed to phishing and “social engineering scams,” accounting for $284 million of the losses.
Social engineering fraud, as defined by Interpol, is: “A broad term that refers to the scams used by criminals to exploit a person’s trust in order to obtain money directly or obtain confidential information to enable a subsequent crime.”
In isolation, the figures are already concerning, but when compared to those from January 2025, they become all the more stark.
According to CertiK, around $98 million was lost to exploits, hacks, and scams last January, with around $8 million attributed to phishing. Based on the updated figures the firm published on Monday, losses this year were almost four times this.
Last month’s numbers also represented the largest monthly loss for digital assets since February 2025, when a whopping $1.5 billion was lost in a single month, due in large part to the $1.4 billion hack of digital asset exchange Bybit by the notorious North Korean state hacking group Lazarus.
In terms of where the most significant hacks occurred this year, the largest single loss was suffered by Step Finance, a decentralized finance (DeFi) portfolio tracker built on Solana. The platform announced it had been breached on January 31, with 261,854 SOL being unstaked and transferred during the incident, amounting to roughly $27.2 million.
The next-largest incident was a $26.6 million loss suffered by the Truebit platform on January 8, resulting from an “integer overflow vulnerability” that allows a malicious hacker to trick the program into miscalculating balances or limits and steal funds.
“We were the victims of a sophisticated attack,” said the platform, in a post on X following the loss. “We have filed a report with U.S. federal authorities, we’re ready to work with the FBI, and we have been working continuously with external cybersecurity specialists.”These losses represent a rough start to the year for the digital asset sector, one that, unfortunately, is not uncharacteristic of last year’s trends.
Wrench attacks on the rise in 2025
CertiK, not afraid to be the bearers of bad news, followed up the publication of its January figures with a report on 2025’s “wrench attacks” in the digital asset space, which found a 75% increase from 2024.
Wrench attacks are broadly described as attacks targeting digital asset users in the real world to obtain cryptocurrencies illegally. They can involve violent kidnappings, torture, and home invasions, with the aim being to coerce victims to transfer funds under threat of physical violence, or worse.
According to CertiK’s “Skynet Wrench Attacks Report,” published at the beginning of February, there were 72 verified physical coercion incidents worldwide in 2025, a 75% increase compared to 2024.
“Kidnapping remains the primary attack vector, while physical assaults rose by 250% year-on-year, highlighting clear escalation in brutality,” read the report.
Europe was the worst affected, accounting for 40% of global incidents, with France emerging as the most dangerous jurisdiction, surpassing the United States.
Based on CertiK’s research, confirmed financial losses due to wrench attacks exceeded $40.9 million, up 44% from 2024. However, the firm said that this figure “significantly understates the true impact” due to the under-reporting of incidents, silent settlements, and untraceable ransoms.
“The psychological and reputational effects are severe, driving founders and high-net-worth individuals towards operational anonymity and geographical relocation,” said CertiK. “2025 marks a clear inflection point: physical violence is now a core threat vector in the crypto ecosystem.”
Watch: Blockchain could revolutionize cybersecurity
Recommended for you
