Cryptocurrency theft rebounded sharply in January, with total losses from exploits and scams reaching $370.3 million, according to data from blockchain security firm CertiK. The figure marked the highest monthly total in 11 months and signalled a clear reversal from the relatively lower losses recorded toward the end of last year. January’s total was nearly four times higher than the $98 million stolen in January 2025 and more than triple the $117.8 million lost in December. CertiK recorded at least 40 exploit and scam incidents during the month. However, the data showed that overall losses were not evenly distributed, with a small number of incidents accounting for the vast majority of stolen funds. CertiK Alert @CertiKAlert · Follow #CertiKStatsAlert 🚨Combining all the incidents in January we’ve confirmed ~$370.3M lost to exploits.~$311.3M of the total is attributed to phishing with one victim losing ~$284M due to a social engineering scam.More details below 👇 5:30 PM · Jan 31, 2026 40 Reply Copy link Read 3 replies One scam skews monthly totals According to CertiK, most of the value stolen in January came from a single victim who lost around $284 million in a large-scale social engineering scam. Social engineering scams rely on manipulation rather than technical vulnerabilities, persuading victims to approve transactions themselves. These schemes often involve impersonation, urgency, and fear-based messaging to push users into transferring funds. CertiK said this type of attack played an outsized role in January’s surge, highlighting a persistent weakness in user-facing security rather than blockchain infrastructure alone. Phishing dominates loss profile Phishing scams were the dominant vector throughout the month, accounting for $311.3 million of the total crypto stolen in January, CertiK said. These attacks typically involve fraudulent messages or websites designed to trick users into revealing private keys or signing malicious transactions. The scale of phishing-related losses meant that scam activity, rather than protocol-level exploits, was the primary driver behind January’s rebound. While technical attacks continue to pose risks, the data showed that user-targeted scams were responsible for the bulk of financial damage during the period. January’s losses were the largest monthly total since February 2025, when attackers stole around $1.5 billion. That earlier spike was driven largely by the $1.4 billion hack of crypto exchange Bybit. CertiK Alert @CertiKAlert · Follow #CertiKStatsAlert 🚨Combining all the incidents in January we’ve confirmed ~$370.3M lost to exploits.~$311.3M of the total is attributed to phishing with one victim losing ~$284M due to a social engineering scam.More details below 👇 5:30 PM · Jan 31, 2026 40 Reply Copy link Read 3 replies Exploits still hit DeFi projects Although scams accounted for most of the value lost, on-chain exploits continued to affect decentralised finance platforms. Blockchain security firm PeckShield reported that the largest exploit in January targeted Step Finance, a decentralised finance portfolio tracker operating on Solana. Attackers compromised several treasury wallets and stole about $28.9 million, draining more than 261,000 SOL in the process. PeckShield said the attack was the largest exploit recorded during the month. The second-largest exploit affected the Truebit protocol on Jan. 8, when a flaw in a smart contract allowed an attacker to mint tokens at almost no cost. The incident resulted in losses of about $26.4 million and led to a sharp decline in the price of the TRU token. PeckShield also highlighted a $13.3 million hack on liquidity provider SwapNet on Jan. 26 and a $7 million exploit targeting the Saga blockchain protocol on Jan. 21. PeckShield counted 16 hacks in total during January, with combined losses of $86.01 million. While that figure represented a slight decline from a year earlier, it marked a more than 13% increase from December, pointing to renewed pressure on DeFi security. PeckShieldAlert @PeckShieldAlert · Follow #PeckShieldAlert In Jan. 2026, the crypto space saw 16 hacks totaling $86.01M in losses, representing a slight 1.42% YoY decrease compared to Jan. 2025 ($87.25M) but a notable 13.25% MoM surge from Dec. 2025 ($75.95M). Meanwhile, #phishing remains staggering with losses 5:09 PM · Feb 1, 2026 48 Reply Copy link Read 6 replies Crime concerns extend beyond January The rebound in January losses comes amid broader concerns about crypto-related crime. Blockchain analytics firm Chainalysis has reported that illicit cryptocurrency addresses received a record $154 billion in 2025, indicating sustained growth in illegal activity across the sector. Law enforcement cases continue to show how phishing and impersonation schemes operate in practice. In one recent case, US prosecutors charged a 23-year-old Brooklyn resident, Ronald Spektor, with stealing roughly $16 million in cryptocurrency from around 100 Coinbase users. Authorities said the alleged scheme relied on posing as a Coinbase employee and pressuring victims to transfer funds by claiming their accounts were at immediate risk. The post Crypto theft rebounds in January as CertiK highlights phishing surge appeared first on Invezz
