February's Crypto Heist Diet: A $37.7M Light Snack, But the Poisoned Candy Is Still Circulating

February 2026 concluded its heist report card with the most modest monthly crypto scam loss since March 2025, a figure of $37.7 million. The degen community can almost pretend it's a rounding error, if not for the pesky, record-setting surge of address-poisoning scams lurking in the shadows.

The ecosystem remains a buffet for social‑engineering and phishing grifters feasting on liquidity‑rich wallets, but February lacked a single blockbuster breach to bloat the total. This makes the $37.7 million the smallest monthly financial haircut in nearly a year—call it a trim, not a scalping.

Where the money vanished

• The headline act was the SOF token, which performed an exit liquidity maneuver to the tune of $10.5 million.
• The IoTeX bridge hack came next, where a private‑key compromise of the ioTube bridge cost roughly $8.9 million. The IoTeX team initially lowballed the loss at $2 million, but the immutable ledger, as it always does, told the fuller story of stolen USDC and WBTC.
• Smaller, yet still painful, punches landed on Foom ($2.2 M), Ploutos ($2.1 M) and CrossCurve ($1.4 M).
• Old‑school phishing, the boomer of scams, still managed to reel in about $8.5 million of the month’s total haul.

A quieter year, not a safer one The 2025 monthly averages were utterly distorted by mega‑incidents like the Bybit hack, where the North Korean‑linked Lazarus Group casually vacuumed up roughly $1.5 billion in ETH. With no comparable billion‑dollar oopsie in 2026 so far, DeFi and exchanges appear more stable on a spreadsheet, even as a death-by-a-thousand-cuts strategy continues to pickpocket individual users.

Address poisoning hits record frequency While the dollar figure stolen has dieted, the sheer volume of address‑poisoning attempts is bulking up. Cryptopolitan reported a trader getting rekt for $600,000 on Feb 17 2026 after falling for this sleight-of-hand. Scammers surveil the chain, then fire a zero‑value transaction from a “vanity” address that mimics the first and last five characters of a victim’s real address. Since most wallets abbreviate the middle with “…”, the fake address looks legit in a quick glance, effectively poisoning the victim’s transaction history.

Security firms now estimate over one million poisoning attempts per day on Ethereum alone—spam so relentless it makes inbox filters weep. The late‑2025 Fusaka upgrade, which cut fees, made it dirt‑cheap for attackers to spam thousands of wallets with these digital banana peels.

A similar, more expensive lesson was taught in December 2025, when a trader mislaid $50 million in USDT after copying a fake address from their history mere minutes after a successful test send. Proof that in crypto, even your own transaction history can't be trusted without a verification.

What the pros suggest

• CZ, former Binance CEO, advocates for wallets to auto‑detect known “poison” addresses and block transfers, basically a scammer blocklist.
• Developers are tinkering with pre‑execution risk assessments that simulate a transaction and serve up a clear, human‑readable summary before you sign your funds away.
• For the everyday degen, the advice remains boringly simple: bookmark frequent addresses, enable exchange whitelists, verify every