qerranews 
The cryptocurrency industry has kicked off the year with alarming security concerns, as the value of digital assets stolen in January surged to more than $370 million. According to blockchain security firm CertiK, crypto thefts through hacks, exploits, and scams nearly quadrupled compared to the same period last year, highlighting persistent vulnerabilities across centralized and decentralized platforms. The sharp rise also marks a dramatic increase from December, signaling that bad actors are becoming more aggressive and sophisticated in their attacks.
Crypto Theft Jumps to 11-Month High
CertiK reported that cryptocurrency losses in January totaled $370.3 million, making it the highest monthly figure recorded in the past 11 months. This represents a nearly fourfold increase from January 2025, when attackers stole roughly $98 million. On a month-on-month basis, the numbers are even more striking, showing a 214% jump from December’s $117.8 million in losses.
The data underscores a troubling trend for the digital asset ecosystem, where security incidents continue to scale in size even as awareness around best practices improves. Despite ongoing efforts by exchanges, protocols, and security firms, hackers are still finding lucrative opportunities to exploit weaknesses.
One Phishing Scam Drove Majority of Losses
A key takeaway from CertiK’s January report is how concentrated the losses were. Out of 40 exploit and scam incidents recorded during the month, a single social engineering attack accounted for the majority of the stolen funds. In that incident alone, one victim reportedly lost around $284 million after falling prey to a sophisticated phishing scheme.
Phishing scams emerged as the dominant attack vector throughout January, responsible for $311.3 million of the total stolen value. These scams often rely on tricking users into revealing private keys or approving malicious transactions, proving that human error remains one of the weakest links in crypto security.
Comparison With Previous Major Hacks
While January’s $370 million loss is severe, it still falls short of the industry’s worst months. The last time crypto thefts reached higher levels was in February 2025, when attackers stole approximately $1.5 billion in a single month. Much of that figure was driven by the massive $1.4 billion hack on crypto exchange Bybit, which sent shockwaves through the market.
Nevertheless, January’s figures show that large-scale incidents are not isolated events. Instead, they appear to be part of a recurring cycle where periods of relative calm are followed by sudden spikes in exploit activity.
Step Finance and Truebit Among Biggest Hacks
In addition to phishing scams, several high-profile protocol hacks contributed significantly to January’s total losses. Blockchain security firm PeckShield identified the attack on Step Finance as the largest exploit of the month. The decentralized finance portfolio tracker suffered losses of approximately $28.9 million after multiple treasury wallets were compromised, resulting in the theft of more than 261,000 Solana (SOL) tokens.
The second-largest exploit occurred on January 8, when the Truebit protocol was hit by a $26.4 million attack. A flaw in a smart contract allowed an attacker to mint tokens at nearly no cost, leading to a sharp crash in the price of the Truebit (TRU) token and raising concerns about code auditing standards.
Other notable incidents included a $13.3 million hack on liquidity provider SwapNet on January 26 and a $7 million exploit against blockchain protocol Saga on January 21. These attacks highlight the diverse range of targets, from DeFi tools to infrastructure-focused blockchain projects.
Fewer Hacks, Bigger Losses
Interestingly, PeckShield noted that there were 16 hacks in total during January, resulting in $86.01 million in losses. This figure represents a slight 1.42% decrease compared to the same month last year but a more than 13% increase from December. The data suggests that while the number of hacks may not be rising dramatically, the financial impact of each incident is growing.
This trend reflects a shift toward more targeted, high-value attacks, where hackers focus on exploiting critical vulnerabilities or manipulating individuals with access to large sums of crypto assets.
What This Means for the Crypto Industry
The surge in January crypto hacks underscores the urgent need for stronger security measures across the ecosystem. For users, this means exercising greater caution, especially when interacting with links, signing transactions, or granting wallet permissions. For projects, it highlights the importance of rigorous smart contract audits, continuous monitoring, and user education.
As crypto adoption expands, so does its appeal to cybercriminals. Unless security practices evolve at the same pace as innovation, the industry risks seeing even larger losses in the months ahead.
Conclusion
January’s $370 million in stolen cryptocurrency serves as a stark reminder that security remains one of the biggest challenges facing the digital asset space. With losses nearly quadrupling year on year and phishing scams accounting for the majority of stolen funds, both users and platforms must remain vigilant. As history has shown, a single exploit can erase millions in value overnight, making proactive security more critical than ever.