Hack‑athon or Heist‑athon? PeckShield Reports $112.5M Crypto Carpet-Pulled in Q1 2026

PeckShield’s latest quarterly audit of chaos reveals that crypto’s "innovation" in security incidents remains a thriving, if expensive, sector. The first two months of 2026 saw a cool $112.5 million collectively yeeted from various protocols, proving that while the bull run giveth, the hackers taketh away.

January 2026 was a heavyweight month for digital heists, a true festival of failure. Sixteen separate exploits netted attackers $86.01 million, which is a modest 1.42% haircut from January 2025’s $87.25 million but a solid 13.25% pump from the previous month’s $75.95 million haul. The damage was hilariously concentrated, as is tradition: Step Finance led the shame parade with a $28.9 million rug, Truebit followed closely with a $26.4 million oopsie, SwapNet donated $13.3 million, Saga lost $7 million, and Makina Finance watched $4.13 million vanish (though, in a rare plot twist, $2.7 million was later recovered). Beyond the classic smart-contract exploits, the old-fashioned art of phishing alone vacuumed over $300 million from pockets that month, a stark reminder that the biggest vulnerability often sits between the chair and the keyboard.

February 2026 then decided to take a breather, or perhaps the hackers were just exhausted from counting their January gains. Fifteen major incidents accounted for a comparatively meager $26.52 million, marking a 69.2% plunge from January and a staggering 98.2% year-over-year drop from February 2025—though that prior figure was comically inflated by a single $1.4 billion Bybit exploit that skewed the averages. The losses were, again, dominated by a handful of attacks that did most of the heavy lifting: YieldBlox DAO suffered a $10 million hit, the IoTeX bridge got a costly $8.8 million haircut, CrossCurve lost $4.95 million, FOOM Cash saw $2.26 million go foom, and Moonwell drained $1.8 million. Those five incidents alone made up roughly 98% of February’s total thefts, a masterclass in loss concentration.

This Jan-Feb snapshot paints a clear picture of volatility and highly concentrated losses, rather than any meaningful decline in systemic risk. While February’s lower total might let some security teams breathe a sigh of relief, the persistence of mid-size protocol and bridge attacks highlights the same old unresolved weaknesses—particularly in the glorified duct tape known as cross-chain infrastructure and in DeFi applications still playing fast and loose with other people’s money.