Crypto Crime Surges: $370M Stolen in January Marks Worst Month in Nearly a Year

The cryptocurrency sector faced a brutal start to 2026, with losses from hacks and scams soaring to $370.3 million in January, according to a new report from blockchain security firm CertiK. This figure represents the highest monthly total in 11 months and a nearly fourfold increase from the $98 million recorded in January 2025.

The staggering sum was heavily skewed by a single, massive social engineering attack that resulted in one victim losing approximately $284 million. This incident underscores how sophisticated phishing schemes, rather than complex technical breaches, are becoming a primary vector for theft. Overall, phishing scams accounted for a dominant $311.3 million of the month's total losses.

"While the industry often focuses on smart contract vulnerabilities, this data shows that the human element remains the weakest link," said a CertiK analyst. "Attackers are increasingly bypassing code and targeting psychology with alarming success."

Beyond phishing, on-chain exploits continued to pose a significant threat. The largest technical hack targeted Step Finance, a decentralized finance portfolio tracker on the Solana blockchain, where attackers drained roughly $28.9 million. The second-largest involved the Truebit protocol, which lost about $26.4 million due to a smart contract flaw that allowed an attacker to mint tokens at minimal cost, cratering the value of its TRU token.

Separate data from PeckShield identified 16 major hacks in January, leading to $86 million in losses. While this was slightly lower than the previous year, it marked a sharp rise from December 2025, indicating volatile but persistent security risks. Other notable incidents included a $13.3 million hack on SwapNet and a $7 million exploit on the Saga network.

The January surge aligns with a broader, worrying trend. Blockchain analytics firm Chainalysis recently reported that illicit cryptocurrency addresses received a record $154 billion in 2025, signaling a rapidly expanding ecosystem for crypto-related crime.

In a case that exemplifies the social engineering tactics now in vogue, U.S. prosecutors have charged 23-year-old Brooklyn resident Ronald Spektor with stealing roughly $16 million from about 100 Coinbase users. Posing as a Coinbase employee, Spektor allegedly contacted victims, claimed their funds were in immediate danger, and pressured them to transfer assets to wallets he controlled. Operating under the alias "lolimfeelingevil," his scheme relied on panic to override victims' skepticism.

Marcus Chen, Crypto Investor (San Francisco): "This is a sobering reminder that self-custody and security hygiene are non-negotiable. The industry's growth is being shadowed by its security failures. We need better user education as much as we need better code audits."

Eleanor Vance, Regulatory Analyst (Washington D.C.): "The sheer scale, particularly from phishing, demands a regulatory response focused on consumer protection. Exchanges and wallet providers must be held to higher standards for verifying communications and preventing these impersonation scams."

Dmitri Volkov, Decentralization Advocate (Lisbon): "This is the inevitable cost of a permissionless system! Centralized points of failure and human greed are the real culprits, not the underlying technology. The numbers look bad, but they're a tiny fraction of total market value—the media always sensationalizes this."

Sarah Lin, Cybersecurity Expert (Singapore): "It's infuriating. We see the same patterns year after year. A $284 million loss from one social engineering attack isn't an anomaly; it's a systemic failure. The crypto community's 'move fast and break things' ethos is breaking its users instead. Until security becomes a core cultural value, not an afterthought, these headlines will continue."