Global crypto thefts jump to $370.3M in January as phishing and large scam dominate losses

Crypto asset thefts rebounded sharply in January, with trackers estimating roughly $370.3 million removed from wallets and platforms. Much of that total traced to impersonation-style social engineering, where a single incident is believed to have cost about $284 million, demonstrating how high‑value compromises can skew monthly figures. On-chain attribution indicates phishing and credential-based deception accounted for approximately $311.3 million of the month’s losses. Technical exploits and smart‑contract flaws still figured prominently: notable incidents included a near‑$28.9 million breach at a Solana portfolio app, a $26.4 million token‑mint exploit, and several drained liquidity pools. One tracker logged 16 distinct technical hacks in January aggregating to about $86.01 million, underscoring a bifurcated loss picture of social engineering versus code‑level breaches. Two contemporaneous intelligence inputs help contextualize the spike: a security researcher’s disclosure of an unsecured cache reportedly holding some 149 million username/password pairs highlights how device‑level infostealers broaden attackers’ upstream access to credentials; and a TRM Labs review of 2025 documents growing professionalization of laundering and a shift toward high‑impact, infrastructure‑level compromises. Together, these patterns explain why single incidents now account for outsized shares of monthly losses — attackers increasingly combine harvested credentials, targeted impersonation, permissive token minting, and resilient laundering chains to maximize take and exit quickly. The laundering ecosystem’s maturation, including use of tailored stablecoins and dense wallet clusters, reduces the effectiveness of classic trace-and-freeze tactics and raises the bar on interdiction. Short‑term defensive responses are likely to include expanded on‑chain surveillance, forced credential resets, device‑level hygiene campaigns, and stronger wallet and multisig practices; longer term, defenders will push for broader adoption of hardware‑backed MFA, formal verification, and improved custody standards. Market impacts are immediate: drained treasuries and custodial accounts spark rapid token selloffs, liquidity shocks and reputational damage that can deter new users and partners. The January data underline the need for combined technical controls and human‑centric anti‑phishing measures, plus international cooperation to disrupt the intermediary services that enable fast laundering of stolen funds.