Crypto Losses Hit $1.5B in February from Exploits, Scams
February turned out to be a really rough month for crypto, folks. Get this: a whopping $1.53 billion vanished due to scams, exploits, and hacks! Blockchain security experts at CertiK dropped this bombshell, pointing to one massive incident that takes the crown: the $1.4 billion Bybit hack.
Imagine this: the Feb. 21st attack on Bybit, which CertiK pins on North Korea’s Lazarus Group, wasn’t just big—it was record-breaking. It more than DOUBLED the previous huge $650 million Ronin bridge hack from March 2022! And guess who was also behind *that* one? Yep, Lazarus Group again, as CertiK highlighted in a recent post on X, dated Feb. 28.
Let’s put February’s losses into perspective. We’re talking about a mind-blowing nearly 1,500% leap from the $98 million that CertiK reported in January. Okay, so the Bybit hack is a huge outlier, right? Even if we take that colossal loss out of the equation, the rest of the crypto world *still* lost over $126 million last month. That’s still a significant 28.5% jump in losses!
It was a tough month for Bybit, but they weren’t alone. Stablecoin payment firm Infini and decentralized money lending protocol ZkLend also suffered big losses. Source: CertiK
How did the Bybit heist happen? Well, Bybit explained that the attackers managed to seize control of one of their storage wallets. And get this – the FBI later stepped in, confirming industry whispers that North Korea was indeed behind the attack. They’re reportedly already moving the stolen digital loot, breaking it up and sending it across “thousands of addresses on multiple blockchains” – talk about a digital shell game!
But Bybit wasn’t alone in facing trouble that month. CertiK also flagged the second-biggest crypto incident in February: the Feb. 24 hack on stablecoin payment firm Infini, which cost them a hefty $49 million.
In a detailed report released on Feb. 27, CertiK revealed a critical detail. Apparently, a key wallet used in the attack had a history with Infini contract development and, crucially, still held admin rights. These rights were then exploited to redeem all the Vault tokens.
“This hack shines a light on a major weak spot, showing just how easily admin privileges can become a single point of failure,” CertiK’s report emphasized. “A core lesson for anyone in blockchain security is simple but vital: you *must* know how to protect your private keys.”
Here’s a twist: the Infini team decided to try a rather unusual approach. They actually offered the hacker a deal – keep 20% of the stolen funds, around $9.8 million, if they gave back the rest. Plus, they threw in a promise of no legal trouble.
A tense 48-hour deadline was set for this offer, but guess what? Time’s up, and it seems the clock has run out. Looking at Etherscan, the wallet the hacker used still holds over 17,000 Ether
– that’s still about $43 million just sitting there.
Source: Infini
So, has the hacker taken the deal? Returned any funds? As of now, there’s been no public peep from either side.
Related: Bybit hackers resume laundering activities, moving another 62,200 ETH
Adding to the February crypto crime wave, decentralized money lending protocol ZkLend also got hit. They suffered the third-largest exploit of the month, losing $10 million to hackers on Feb. 12.
Zooming out, CertiK breaks down where the losses came from in February. The biggest chunk, they say, was due to compromised wallets. Code vulnerabilities were next, causing around $20 million in losses, and then phishing scams, which snagged about $1.8 million.
Here’s a bit of a twist though: things were actually trending downwards in the crypto theft department towards the end of 2024! December had the lowest amount stolen at $28.6 million, compared to $63.8 million in November and $115.8 million in October. So, February’s massive jump is even more of a shock to the system.
Magazine: SCB tips $500K BTC, SEC delays Ether ETF options, and more: Hodler’s Digest, Feb. 23 –March. 1
