After a rather busy January, DeFi hackers had a relatively slow month in February 2026. Four protocols suffered significant losses totaling approximately $23.5 million in losses (of which about $11.5 million was later frozen on exchanges). In contrast, January 2026 saw seven major hacks with a combined total of about $86 million, as well as the largest social engineering attack against an individual Web3 user in history.
Biggest DeFi Hacks of February 2026
In February 2026, four DeFi protocols suffered major hacks, including:
CrossCurve: Attackers exploited validation bugs in the cross-chain bridge’s smart contracts that allowed them to spoof messages that appeared to be from Axelar. Using the spoofed messages, they were able to trick the project’s PortalV2 contract into releasing funds in response to a fake deposit on another chain, resulting in about $3 million in losses.
IoTeX: IoTeX also suffered a hack involving its cross-chain bridge. In this case, the attacker gained access to the private key managing the Validator contract on the Ethereum side of the bridge. This allowed them to steal an estimated $4.3 million in tokens from the project’s reserves and mint 111 million CIOTX tokens worth approximately $4 million (although only $1.7 million was swapped before funds were frozen).
YieldBlox: A YieldBlox-operated lending pool was the victim of a price oracle manipulation attack. The attacker tricked the Reflector oracle that the protocol used to price the USTRY/USDC trading pair into using incorrect data, allowing the attacker to steal about $10.2 million from the protocol (although $7.2 million of this was later frozen).
FOOMCASH: FOOMCASH, the Ethereum-based ZK-proof lottery, suffered a $2.26 million hack in February 2026. A misconfiguration in the zkSNARK verification key (setting delta2=gamma2) allowed an attacker to forge proofs and drain value from the contract. This exploit was based on a similar hack of Veil Cash for about $427k.
Lessons Learned from the Attacks
The biggest DeFi hacks of February 2026 saw a mix of targets and attack vectors. Two of the impacted protocols were cross-chain bridges (CrossCurve and IoTex), and two suffered exploits that took advantage of smart contract vulnerabilities (CrossCurve and YieldBlox).
This set of victims and attack vectors reinforces the fact that cross-chain bridges are a common high-value target of DeFi hackers. At the same time, the diversity of attack vectors (failed validation, compromised private key, price oracle manipulation, and cryptographic errors) demonstrates the importance of a comprehensive Web3 security strategy that addresses both on-chain and off-chain security threats.
Halborn offers a range of Web3 security services, including both smart contract audits and security advisory services designed to help identify and address on-chain and off-chain security gaps early in the software development lifecycle. For help with defending your project against these attacks, get in touch.