Summary:
- Around $370.3 million in crypto was stolen in January, according to CertiK.
- Losses were nearly four times higher than the same month a year earlier.
- Phishing made up the bulk of the damage, with over $311 million linked to these scams.
- One victim alone reportedly lost about $284 million in a social engineering attack.
- Security firms say the data shows attackers are still leaning heavily on social engineering.
January turned into one of the worst months for crypto security in almost a year. The total value lost to hacks, exploits and scams reached roughly $370.3 million, marking the highest monthly figure in 11 months and a steep jump compared with last January. The scale of the number stands out, but the way the money was lost tells the bigger story. Crypto security firm CertiK summed it up bluntly on X:
That last line shifts the focus away from complex smart contract bugs and toward something far more human. Social engineering scams trick users into handing over access, signing malicious transactions, or revealing sensitive information. In this case, a single victim reportedly lost around $284 million, which made up a large share of the month's total losses. The broader numbers underline how sharp the rise has been. The latest figure represents a more than 277% increase from January a year earlier, when losses were about $98 million. It is also a 214% jump from December, which saw $117.8 million in crypto stolen, according to CertiK's shared data.
Source: CertiK
Even in a market used to big numbers, this kind of month-to-month swing is hard to ignore. It shows that while tools and audits improve, attackers keep finding ways to scale damage quickly, especially when they can focus on individuals rather than hardened protocols.
Phishing Dominates While Protocol Hacks Still Add Pressure
A large share of the $370 million stolen came from phishing, which accounted for $311.3 million over the month. That means the majority of the losses were not from breaking code directly, but from manipulating people into making the wrong move at the wrong time. At the same time, direct protocol hacks have not gone away. Another security firm tracking the space, PeckShield, pointed out that January still saw multiple notable technical exploits. The firm said the crypto sector experienced 16 hacks during the month, totaling $86.01 million in losses. While that figure showed a slight year-over-year decrease compared with January the previous year, it marked a clear rise from December. PeckShield also highlighted that phishing losses alone exceeded $300 million during the same period.
Among the larger protocol-level incidents, PeckShield noted the $13.3 million hack on liquidity provider SwapNet on Jan. 26 and the $7 million exploit against the blockchain protocol Saga on Jan. 21. These numbers are smaller compared with the giant phishing case, but they still show that weaknesses in smart contracts and system design continue to create openings. CertiK's historical comparison adds more context. January's losses are the largest monthly total since February of the previous year, when attackers stole around $1.5 billion in a single month, much of it tied to a major exchange breach. That earlier spike came from one huge event. January's figure, by contrast, mixes one massive social engineering case with a long list of smaller incidents.
This matters because it suggests that the threat landscape is not just about rare, extreme hacks. It is also about constant background risk from everyday scams, phishing links, fake support messages and impersonation tactics. Those methods do not require advanced code skills, only a convincing story and a moment of user distraction.
What These Losses Mean for Users and the Industry
When one phishing incident can wipe out hundreds of millions of dollars, it forces a hard look at where crypto security still falls short. Wallets, exchanges and protocols can add layers of technical protection, but if users are tricked into signing malicious transactions or sharing access, those defenses often cannot help. The numbers from January show that education and user-side tools are as important as audits and bug bounties. Clear transaction warnings, address screening, phishing detection and simpler interfaces can reduce risk, but they need to keep pace with attackers who constantly adjust their tactics.
For builders, the lesson is that security does not end at the smart contract. Social engineering now operates at the same scale as technical exploits. For users, the message is less comfortable but simple. Large sums are being lost not only because code fails, but because trust is being abused. It is also a reminder that crypto's biggest weak point is often the human layer sitting above the blockchain. Until that gap narrows, months like this may keep returning, even as the underlying tech gets stronger.
