Crypto-related hacks fell to about $49 million in February, a sharp decline from the $385 million stolen in January, as attackers shifted toward phishing scams and wallet approval exploits.
A single breach involving Step Finance accounted for the majority of losses, with attackers draining roughly $30 million from the portfolio dashboard built on the Solana.
According to a report from Nominis, phishing campaigns and social engineering tactics increasingly drove attacks, targeting users rather than exploiting vulnerabilities in smart contracts.
Security researchers said the most common attack vector involved authorisation abuse, where victims unknowingly approved malicious wallet permissions allowing attackers to transfer funds.
Separate data from PeckShield estimated total February crypto losses at about $26.5 million, marking the lowest monthly exploit figure since March 2025.
The findings suggest that while large-scale protocol exploits declined, scammers are increasingly focusing on tricking individual users into signing fraudulent transactions.
Crypto exchange Bybit said its fraud-prevention system blocked more than $300 million in unauthorised withdrawals in the final quarter of last year by flagging around 350 high-risk addresses.
Despite improving security tools, blockchain analytics firm Chainalysis estimates that hacks and scams still resulted in roughly $3.4 billion in losses across the industry last year.
At the time of reporting, Solana price was $86.01.