That surge was driven mostly by one massive social-engineering con that drained about $284 million from a single victim. Simple lies and well-crafted messages beat code this time.
Phishing Dominates Losses
According to CertiK, phishing-style scams grabbed about $311 million of the January haul. That means most losses came from attackers tricking users and insiders rather than breaking cryptographic systems.
Social pressure, fake links, and impersonation were used to push victims into moving funds. People clicked. Money moved. Accounts were drained.
A Bigger Picture Of Monthly Swings
Based on reports, January’s total is nearly four times the $98 million stolen in January 2025 and more than triple December’s total of close to $118 million.
The month is the largest since February 2025, when roughly $1.5 billion was taken, most of that tied to the huge Bybit heist.
Those big events show how a single breach or scam can tilt an entire month’s tally. Numbers can look calm one month and explosive the next. That unpredictability keeps wallets and treasuries on edge.
Combining all the incidents in January we’ve confirmed ~$370.3M lost to exploits.
~$311.3M of the total is attributed to phishing with one victim losing ~$284M due to a social engineering scam.

Truebit suffered a $26.4 million hit when a smart contract flaw allowed near-free minting, which also crushed its token price.
SwapNet and Saga were among other victims, with losses around $13.3 million and $7 million respectively. Those hacks were technical, aggressive, and fast.

Reports say there were 40 exploit and scam incidents over January, though the bulk of value lost was concentrated in a few cases.
That pattern means the raw count of incidents doesn’t tell the whole story; a single, well-executed con can dwarf many smaller breaches combined. Some months will show many small thefts. Other months will be defined by one enormous fraud.
Security teams and project treasuries must tighten both human and technical safeguards. More rigorous wallet controls, staged approvals, and stronger identity checks would blunt social-engineering strikes.
At the same time, independent code audits and quicker response plans can limit damage from smart contract bugs. Education programs for staff and users are cheap compared with the cost of a single large loss.
The recent spike is a clear message: attackers are mixing social skill with technical know-how. The playbook now often starts with a message in a chat app or an email, then turns into code-level theft.
Patching software helps. Teaching people how to spot scams will stop many attacks before they ever reach the code.