platform: Newsletter format: snippet (weekly digest inclusion) hook: Hack losses dropped 87% in February. The attackers just moved.
---
The Attack Surface Shifted: Humans, Not Contracts
February 2026 crypto hack losses dropped 87% from January ($385M to $26.5M). Smart contract security is improving.
But attackers shifted targets. Social engineering is up 250% since 2024. Physical attacks on crypto holders increased 75% in 2025 (CertiK). This week, bonk.fun was compromised through team account hijacking and domain takeover. No smart contract bug involved.
High-value attacks now combine multiple vectors: infrastructure compromise plus wallet drainers, social engineering plus smart contract exploits, physical coercion plus on-chain poisoning.
Meanwhile, AI is accelerating vulnerability discovery on both sides. XBOW found a CVSS 9.8 RCE without source code access. FIRST projects 59,000 vulnerabilities discovered in 2026.
The smart contract security industry solved the easy problems. What remains are economic design flaws, human layer attacks, and multi-stage chains that no single-layer defense stops.
---
CTA: Audit your operational security alongside your smart contracts. The threat model changed.