Blockchain security firm CertiK reported roughly $370.3M stolen across about 40 incidents in January 2026, rising to nearly $400M after a Jan. 31 Solana/Step Finance treasury exploit. A single social‑engineering/phishing attack on Jan. 16, where an attacker posed as hardware‑wallet support, accounted for about $284M and triggered large Monero conversions to launder proceeds.

CertiK’s January tally found approximately $370.3 million lost in roughly 40 incidents, with the monthly total approaching $400 million after the late‑January Solana/Step Finance treasury compromise. The largest single event in the period was a sophisticated social‑engineering phishing operation on January 16 in which an attacker impersonated hardware‑wallet customer support to gain access to private keys. That exploit alone accounted for roughly $284 million in stolen assets — reportedly 1,459 BTC and 2.05 million LTC — and operators moved large portions into Monero and other privacy‑focused channels to obscure tracing. CertiK and other security firms flagged rapid on‑chain conversions and layered laundering to obfuscate provenance, while the incident renewed scrutiny of centralized support impersonation risks and user education gaps. The cascade of January losses underscored ongoing weaknesses in custodial security, social engineering defenses, and the continuing attractiveness of crypto rails for large‑scale theft and international laundering activity.