Blockchain security incidents intensified sharply at the start of 2026, with January emerging as one of the most damaging months for crypto users and protocols in recent history.
According to aggregated data released by CertiK, confirmed losses from exploits, phishing, and scams reached approximately $398 million during the month, underscoring persistent vulnerabilities across the digital asset ecosystem.
The updated figures incorporate late-confirmed incidents and provide a comprehensive view of attack vectors, affected protocols, and the concentration of losses by category. While exploits against protocols continued, the data highlights a clear shift toward user-targeted attacks as the dominant source of damage.
Phishing and Social Engineering Drive the Majority of Losses
The most striking takeaway from CertiK’s January breakdown is the overwhelming impact of phishing and social engineering.
#CertiKStatsAlert 🚨
Combining all the incidents in January we’ve confirmed ~$370.3M lost to exploits.
~$311.3M of the total is attributed to phishing with one victim losing ~$284M due to a social engineering scam.
More details below 👇 pic.twitter.com/uXhi0P6dl5
— CertiK Alert (@CertiKAlert) January 31, 2026
Phishing alone accounted for $311.3 million in losses, representing the single largest category by a wide margin. One confirmed social engineering incident resulted in a loss of approximately $284 million, making it one of the largest individual crypto thefts recorded.
When grouped by attack type, social engineering led all categories with losses of roughly $284.8 million, followed by DeFi-related incidents at around $50.4 million. Additional losses were attributed to address poisoning ($12.9 million), Layer 1 exploits ($6.2 million), and wallet drainers ($4.7 million), highlighting the breadth of attack surfaces exploited during the month.
Largest Exploits and Affected Protocols
CertiK’s ranking of major incidents shows that losses were not evenly distributed. The largest confirmed exploit reached approximately $27.3 million, followed closely by another incident totaling $26.7 million. Additional high-impact cases included losses of $13.3 million, $6.2 million, and $4.2 million, indicating that while many attacks were smaller, several large events significantly skewed aggregate figures.
By category, code vulnerabilities contributed roughly $52.4 million in losses, while price manipulation incidents accounted for just over $1 million. Exit scams remained comparatively limited, totaling under $0.5 million, suggesting that outright project abandonment played a smaller role than direct exploitation or deception.
Funds Recovery Remains Limited
Despite the scale of losses, recovered funds remained minimal. CertiK’s summary indicates that only about $4.4 millionwas returned to victims during January, a small fraction of total losses. This gap underscores the difficulty of asset recovery once funds are moved through mixers, bridges, or rapidly swapped across chains.
Security Takeaway
January’s data reinforces a critical trend: while protocol-level security remains important, user-level attack vectors now represent the greatest risk. The dominance of phishing and social engineering suggests that attackers are increasingly targeting human behavior rather than smart contract logic, exploiting trust, urgency, and interface deception instead of purely technical flaws.
As 2026 begins, the data highlights the growing importance of user education, wallet security practices, and transaction verification tools, alongside continued improvements in protocol audits and monitoring.
