SKN | Crypto Theft Hits $370 Million in January, Nearly Quadrupling Year on Year: CertiK

Crypto losses surge at start of 2026

The value of cryptocurrency stolen through exploits and scams surged to $370.3 million in January, marking the highest monthly total in nearly a year and a sharp acceleration in crypto-related crime, according to data from CertiK.

The January figure represents a nearly fourfold increase from the same month a year earlier and a 214% jump from December, when losses totaled $117.8 million. CertiK said the spike was driven largely by a single social engineering incident, underscoring how targeted attacks can distort monthly figures and overwhelm broader security trends.

One phishing attack dominates losses

Out of roughly 40 exploit and scam incidents tracked during the month, the vast majority of funds were drained from a single victim who lost approximately $284 million in a sophisticated phishing and social engineering scheme, CertiK said.

Phishing scams accounted for $311.3 million of the total value stolen in January, highlighting that human-targeted attacks, rather than technical protocol failures, remain the most effective vector for large-scale theft.

January’s losses were the largest since February 2025, when crypto thefts reached roughly $1.5 billion following the $1.4 billion hack of the Bybit exchange. While January’s total is far smaller by comparison, CertiK noted that the pace of losses still represents a significant deterioration from late 2025.

DeFi exploits remain persistent

Separate data from blockchain security firm PeckShield showed that decentralized finance exploits also contributed meaningfully to January’s losses, even if they were not the dominant driver.

The largest DeFi-related hack during the month targeted Step Finance, a portfolio tracking platform on Solana. Attackers compromised multiple treasury wallets, stealing around $28.9 million worth of assets, including more than 261,000 Solana tokens.

The second-largest exploit involved the Truebit protocol, where a smart contract flaw allowed an attacker to mint tokens at near-zero cost, resulting in losses of approximately $26.4 million and triggering a sharp collapse in the TRU token’s price.

Additional notable incidents included a $13.3 million hack of liquidity provider SwapNet on Jan. 26 and a $7 million exploit against the Saga network on Jan. 21.

Fewer hacks, bigger impact

PeckShield said there were 16 confirmed hacking incidents in January, totaling $86.01 million in losses from exploits alone. While that figure was slightly lower than the same month a year earlier, it represented a notable increase from December, suggesting that fewer but more damaging attacks are becoming the norm.

Taken together, the data from CertiK and PeckShield points to a shifting threat landscape in crypto. While protocol security has improved in many areas, attackers are increasingly exploiting human behavior and operational weaknesses, allowing single incidents to generate outsized losses and push monthly theft figures sharply higher.