- January 2026 saw 16 crypto hacks totaling $86.01M, up 13.25% from December but slightly lower than January 2025.
- Phishing losses exceeded $300M in January, far surpassing protocol hack losses across the crypto sector.
- The largest January hack hit Step Finance at $28.9M, followed by Truebit Protocol at $26.4M.
In January 2026, the crypto sector recorded a sharp contrast between protocol breaches and user-focused attacks.
Technical exploits caused $86.01 million in losses, while phishing and social engineering exceeded $300 million. The data points to a shift in attack methods, with criminals increasingly targeting individuals rather than smart contracts.
January 2026 Crypto Hack Overview
The $86.01 million lost to hacks came from 16 separate incidents during January 2026. This figure marked a 13.25% increase from December 2025, when losses totaled $75.95 million. However, it showed a slight 1.42% decline compared to January 2025, which recorded $87.25 million.
#PeckShieldAlert In Jan. 2026, the crypto space saw 16 hacks totaling $86.01M in losses, representing a slight 1.42% YoY decrease compared to Jan. 2025 ($87.25M) but a notable 13.25% MoM surge from Dec. 2025 ($75.95M).
Meanwhile, #phishing remains staggering with losses… pic.twitter.com/pxugbsPcZ7
— PeckShieldAlert (@PeckShieldAlert) February 1, 2026
Most of the January incidents involved protocol or treasury vulnerabilities. These attacks focused on code weaknesses or access control failures. Losses were concentrated among a small number of projects rather than spread across the sector.
Security firms tracking blockchain exploits noted that attack frequency remained stable. However, the value of individual incidents increased compared to late 2025. This pattern suggested that attackers were selecting higher-value targets.
Largest Protocol Breaches by Value
Step Finance recorded the largest loss in January, totaling $28.9 million. The funds were taken from a treasury breach that affected internal controls. The project later confirmed the incident and began internal reviews.
Truebit Protocol followed with losses of $26.4 million on January 9. The exploit triggered a sharp token price drop shortly after disclosure. Trading activity slowed as exchanges assessed the situation.
SwapNet reported losses of $13.3 million from a contract exploit. Saga, also known as Sagaxyz, lost $7 million during the same period. Makinafi experienced a $4.13 million breach, although about $2.7 million was later recovered.
These incidents showed that protocol risks remained present. However, their combined value remained far below losses from social engineering attacks during the month.
Phishing and Social Engineering Losses Surge
Phishing losses in January exceeded $300 million, far surpassing protocol-related thefts. Most cases involved targeted campaigns rather than broad email scams. Attackers used direct contact methods and trusted platforms.
The largest single loss occurred on January 10, 2026. One victim lost over $282 million in Bitcoin and Litecoin. The theft followed a hardware wallet social engineering scheme that used impersonation and false security prompts.
Security analysts observed increased use of deep fake audio and video. Attackers also relied on AI-generated messages to appear legitimate. These tactics reduced suspicion and increased success rates.
Broader Context From 2025
The January figures followed a year of heavy losses in 2025. Total crypto theft exceeded $3.4 billion during that year. A major portion came from the $1.5 billion Bybit breach in February 2025.
Authorities recovered or froze about $334.9 million in stolen funds in 2025. This recovery rate was lower than in previous years. Law enforcement cited cross-border issues and fast fund movement.
Recent campaigns also used *.vercel.app domains to deliver malicious tools. These domains helped bypass filters and spread remote access software. Security teams warned that these methods would remain active in early 2026.
