Crypto Hacks Drop to $49M in February 2025

February's on-chain security data delivered a notable reprieve for the crypto industry — total exploit losses collapsed to roughly $49 million, down sharply from the $385 million recorded in January. For perpetual futures traders, the headline number matters less than the structural shift it signals: attackers are moving away from high-profile protocol exploits and toward lower-cost, higher-frequency phishing operations that target individual users. That transition has distinct implications for how volatility and sentiment events materialize in derivatives markets.

What Drove February's Losses?

A single incident dominated the month's damage tally. Step Finance, a Solana-based portfolio analytics platform, suffered a breach that drained approximately $30 million — representing the bulk of February's total losses. Strip that out, and the residual damage across the rest of the ecosystem was minimal by recent standards. Blockchain security firm PeckShield placed the February total even lower at $26.5 million, which it described as the lowest monthly figure since March 2025, citing improved risk controls and tighter security practices across major protocols.

The divergence between the two estimates — Nominis at $49 million, PeckShield at $26.5 million — likely reflects differences in methodology and scope, but both figures point in the same direction: large-scale smart contract exploits were largely absent in February.

How Does This Affect BTC and ETH Perpetual Markets?

Protocol-level exploits have historically been the more market-moving category of crypto security events. When a major DeFi protocol is drained, the resulting forced liquidations, emergency governance actions, and token price dislocations can spike open interest volatility and push funding rates sharply negative on affected assets. Phishing attacks, by contrast, tend to affect individual wallets and produce more diffuse, lower-amplitude market reactions.

The shift toward social engineering as the dominant attack vector therefore reduces the probability of a single security event triggering a cascading liquidation cascade in BTC or ETH perp markets. As of early 2025, BTC perpetual open interest remains elevated across major venues, meaning any sudden negative catalyst still carries outsized deleveraging risk — but the nature of phishing-driven losses makes that catalyst less likely to arrive in a single, concentrated shock.

Authorization abuse — where victims unknowingly grant wallet permissions that allow attackers to drain funds — was identified by Nominis as the most prevalent attack method in February. This technique primarily targets retail participants rather than protocol treasuries or exchange hot wallets, which limits direct contagion to spot and derivatives liquidity pools.

Broader Security Trajectory: Still a Structural Risk

One month of reduced losses does not establish a trend. Chainalysis data shows cumulative crypto hack losses reached $3.4 billion in 2024, and the historical peak came in 2022 when losses were significantly higher. The industry is improving, but the baseline risk remains substantial.

Bybit reported that its fraud-prevention infrastructure blocked over $300 million in unauthorized withdrawal attempts during Q4 2024 alone, flagging approximately 350 high-risk addresses and protecting around 8,000 users from potential scams. That scale of attempted fraud — even when successfully blocked — illustrates the persistent threat environment derivatives traders are operating within.

For traders running leveraged positions on Solana-ecosystem tokens, the Step Finance breach is a reminder that SOL-adjacent assets carry idiosyncratic security tail risk that BTC and ETH perp traders are less exposed to. A major exploit on a high-profile Solana DeFi protocol could compress SOL funding rates and accelerate open interest unwinding, particularly if it triggers broader sentiment deterioration across altcoin markets.