Nearly $400 million in cryptocurrency was stolen in January, with phishing attacks accounting for 70% of the losses.

According to data from blockchain security company CertiK, the crypto industry suffered approximately 40 security incidents in January 2026, resulting in losses exceeding $400 million. The largest single loss came from a phishing attack on January 16th: an investor was tricked by scammers posing as Trezor customer service representatives, who then revealed the recovery seed phrase for their hardware wallet, leading to the theft of 1,459 Bitcoins and 2.05 million Litecoins, totaling $284 million, accounting for 71% of the total losses that month. The stolen assets were subsequently converted in large quantities into the privacy coin Monero (XMR) to conceal the transaction history, causing the XMR price to surge and highlighting the challenges regulators face in combating money laundering related to privacy coins. Other significant vulnerabilities included: a $30 million theft at Solana's Step Finance platform (January 31st), a $26.6 million loss for Truebit due to an overflow vulnerability, a $13 million loss for Swapnet, and losses of $6.2 million and $4.2 million for Saga and Makina Finance, respectively.