The security issues in the cryptocurrency industry reached a serious level in January 2026. Sophisticated phishing attacks and vault hacking surged, resulting in approximately $400 million leaking from the ecosystem.
According to data from blockchain security firm CertiK, the cryptocurrency industry suffered losses of approximately $370.3 million due to 40 recorded incidents.
1 case $2.84 million phishing attack overwhelmed
However, including the $30 million hacking incident of the Solana-based platform Step Finance on January 31, the total damage exceeds $400 million.
According to CertiK, the month was characterized not by complex protocol hacks, but by a single fatal and destructive social engineering scam.
A single investor lost 284 million dollars on January 16 due to a phishing attack. This theft accounts for approximately 71% of the adjusted losses for that month.
The attacker impersonated Trezor's customer service to trick the victim into exposing their recovery seed phrase. This incident immediately resulted in the theft of 1,459 bitcoins and 2.05 million litecoins.
Shortly after the Trezor-related crime, there was a large-scale movement to convert the stolen assets into Monero (XMR), a privacy-centric token. Monero anonymizes transaction history.
This large-scale conversion caused the price of Monero to surge. Such price movements illustrate the ongoing challenges faced by regulators regarding illicit fund outflows and money laundering issues due to the use of privacy coins.
Technically, vulnerabilities in smart contracts are causing significant losses in the market. TrueBit reported a loss of 26.6 million dollars due to an overflow vulnerability, which is the largest direct hacking damage targeting protocol code this month.
Other major damage cases include a loss of 13 million dollars by Swapnet. The DeFi protocols Saga and Makina Finance also lost 6.2 million and 4.2 million dollars respectively.
The Step Finance breach was an incident where funds from several vault wallets and fee wallets were leaked due to a 'well-known attack vector'. As a result, 261,854 SOL were moved.
As the industry entered February, these figures remind us that even the most robust hardware encryption can be compromised if users do not maintain basic security.
