Key Highlights
- CertiK recorded 103 incidents and 36 phishing scams so far this year, reaching $480 million.
- Projects like Step Finance, Resolv, and Truebit each lost over $20 million from different attacks.
- Phishing remains the biggest cause of losses, with attackers using simple tricks to deceive users.
About 103 security incidents and 36 phishing scams have been recorded so far since the beginning of the year, according to blockchain security firm CertiK.
These events have resulted in estimated losses of about $480 million, mainly caused by phishing attacks, system exploits, and social engineering methods used by attackers to trick users and access funds.
$104.5 million losses from crypto firms
In a post on X, CertiK listed some of the biggest incidents involving crypto platforms so far this year. Step Finance, a decentralized finance platform that helps users manage their crypto assets, lost about $27 million after attackers gained access to its treasury wallets.
Truebit, another platform, lost about $26 million due to a smart contract vulnerability. A smart contract is a self-executing program on a blockchain, and in this case, a flaw allowed attackers to create tokens at little cost, which reduces their value.
Other affected platforms included Resolv, Swapnet, and YieldBlox, with losses ranging from around $10 million to over $26 million. In total, about $104 million in losses were recorded across these crypto firms.
About $110 million added since last report
Meanwhile, this number is higher than what was recorded in late January. At that time, CertiK reported only 40 security incidents and scams, with total losses of about $370 million.
CertiK said that phishing scams were mostly major causes of the losses, which accounted for about $311 million of the total. This is when attackers pretend to be trusted sources, such as customer support, to trick people into sharing sensitive information like passwords or wallet recovery phrases.
In one case, ZachXBT reported on January 16 that a single victim lost about $284 million through a social engineering attack, where the attacker used deception instead of hacking a system directly.
This figure is even a lot higher compared to early 2025, in which total losses were just about $98 million, while December 2025 recorded around $117.8 million.
Broader context
This shows that attacks have increased as the year continues, pushing total losses closer to half a billion dollars.
Recent data from Chainalysis indicates that crypto-related crime remains a growing issue. In a report, the firm said that illicit cryptocurrency addresses received about $154 billion in 2025, an increase from the previous year.
These figures show that both technical weaknesses in systems and human factors, such as falling for scams, continue to contribute to financial losses in the crypto sector. And if proper measures are not taken, the crypto space could report a billion in losses by the end of the year.
Also Read: Vietnam Police Bust ONUS Crypto Scam, Arrest Seven