A report from the blockchain security firm Nominis highlights a dramatic 87% reduction in cryptocurrency thefts during February, with losses dropping from $385 million in January to $49 million in February.

However, this decline comes with a concerning trend: attackers are now focusing more on phishing and user manipulation rather than exploiting vulnerabilities in coding.

Insights into February’s Crypto Attacks

According to the Nominis report, Step Finance, a decentralized finance platform based on Solana, suffered over 60% of February’s total losses. In this incident, hackers may have gained control of the devices used by the project’s executives, leading to the unauthorized transfer of 261,854 SOL, which had a value of approximately $40 million.

The repercussions were so severe that Step Finance had to shut down its main platform as well as associated projects like SolanaFloor and Remora Markets.

The remaining losses included various attacks: CrossCurve, a cross-chain protocol bridge, lost $3 million due to flaws in the contract’s validation process, and YieldBlox, a DeFi lending service, lost $10.2 million because of a manipulation in its collateral pricing system.

User-Centric Attacks

Additionally, there was a surge in ‘address poisoning’ scams, targeting individual users. Victims lost amounts ranging from $100,000 to nearly $600,000 after unintentionally signing off on token approvals through fake prompts.

Emerging Trends

February also unearthed several analytics by both investigators and authorities. For example, SlowMist published findings on a phishing campaign designed specifically for crypto project administrators, where counterfeit token vesting tools were used to gain unauthorized access to contracts.

In South Korea, an investigation is underway after a seed phrase was inadvertently exposed in a shared image, enabling criminals to reconstruct a wallet and steal nearly $5 million in cryptocurrency.

On a more positive note, the U.S. Department of Justice successfully seized over $61 million linked to a fraudulent scheme known as ‘pig butchering’, applying blockchain analysis to track down the illicit funds.

The findings from February indicate that losses are not mostly due to exploiting unknown vulnerabilities; rather, the primary contributors are compromised user accounts and misleading transaction requests. Nominis emphasizes that the key vulnerabilities in the cryptocurrency ecosystem stem from user behavior and operational practices rather than the blockchain technology itself.