Resolv USR Stablecoin Depegs After Exploit – Attacker Mints 80 Million Tokens and Extracts Millions

Key Takeaways

Exploit Allows Minting of 80 Million Unbacked USR Tokens

Resolv Labs’ USR stablecoin lost its US dollar peg after an attacker exploited a vulnerability in the token’s contract and minted tens of millions of tokens without backing.

According to a statement published by Resolv Labs on X, the attacker initially minted 50 million USR. The company said the exploit allowed the creation of unbacked tokens and confirmed that all protocol functions were paused to prevent further malicious activity. The team stated it is actively working on recovery efforts.

On-chain observations shared by the X account “yieldsandmore” indicated that the attacker was able to mint the initial 50 million USR by depositing $100,000 worth of USD Coin (USDC). Crypto security firm PeckShield reported that an additional 30 million USR tokens were minted, bringing the total to 80 million.

Crypto fund D2 Finance stated that the minting function on USR’s contract appeared to be flawed. It cited possible causes including a compromised off-chain signer, a manipulated oracle, or missing validation between request and completion. No definitive technical explanation has been confirmed in the available information.

Rapid Cash-Out Strategy Across DeFi Protocols

Following the minting of the tokens, the attacker moved quickly to convert USR into other digital assets. D2 Finance reported that the 50 million USR initially minted were transferred across multiple crypto protocols and swapped for USDC and USDt (USDT). The funds were then aggressively converted into Ether (ETH).

D2 Finance described the sequence as a typical decentralized finance exploit cash-out pattern. On-chain data showed multiple transactions executed in quick succession. The firm also noted that several failed transactions were visible, indicating urgency during the liquidation process.

Amid the rapid selling pressure, liquidity conditions deteriorated. Slippage increased across protocols where USR was traded. D2 Finance estimated that approximately $25 million was extracted by the attacker before the market stabilized.

USR Loses Peg and Experiences Flash Crash on Curve

The exploit had an immediate impact on USR’s price stability. The token is designed to maintain a 1:1 peg with the US dollar. However, heavy selling pressure following the exploit led to a sharp depeg.

According to data referenced from DEX Screener, USR fell to as low as 2.5 cents in the USR USDC pool on Curve Finance. This pool represents USR’s most liquid trading venue, with a reported 24-hour volume of $3.6 million. The flash crash occurred at 2:38 am UTC, just 17 minutes after the attacker minted the initial 50 million tokens.

The Curve pool later recovered partially, with USR trading at approximately 84.5 cents. CoinGecko data showed the token trading around 87 cents at the time of reporting, representing a roughly 13 percent deviation from its intended peg.

D2 Finance also reported that some trades were executed at around 50 cents as liquidity fragmented and slippage worsened. These price dislocations reflect the impact of sudden, large-scale token supply increases in decentralized markets.

Protocol Response and Market Context

Resolv Labs stated that it paused all protocol functions after detecting the exploit. The pause is intended to prevent additional unauthorized minting and limit further damage. The company did not provide additional operational details in the available statement.

The incident occurred during a period in which crypto-related hacks had declined compared to the previous month. According to figures cited in the report, $49 million was lost to crypto exploits in February, down from $385 million in January. The report also noted that attackers have increasingly shifted toward phishing scams rather than direct protocol exploits.

This case stands out because it directly affected a stablecoin’s core function. Stablecoins are designed to maintain price stability, and contract-level vulnerabilities can undermine that mechanism by altering supply without corresponding backing.

Implications for Stablecoin Users and DeFi Participants

For users interacting with decentralized finance protocols, the incident highlights how smart contract vulnerabilities can impact token value and liquidity within minutes. The rapid depeg and flash crash on Curve demonstrate how automated market maker pools respond to sudden imbalances between supply and demand.

Users who provide liquidity or hold stablecoins in decentralized pools may face immediate price exposure during exploit-driven sell-offs. In this case, USR’s deviation from its peg ranged from a brief collapse to a partial recovery within hours.

The attacker’s ability to move minted tokens across multiple protocols and convert them into widely used stablecoins and Ether shows how interconnected decentralized markets can facilitate rapid fund transfers.

Our Assessment

The available facts show that a contract-level vulnerability enabled the minting of 80 million unbacked USR tokens, leading to a sharp and immediate loss of the stablecoin’s dollar peg. Approximately $25 million was reportedly extracted before liquidity conditions stabilized. Resolv Labs has paused protocol functions while working on recovery. The incident demonstrates how exploits affecting token supply mechanisms can quickly impact price stability and liquidity across decentralized trading venues.

36.4% of Adults in Germany Gambled in the Past Year – National Survey Highlights Participation Levels and Risk Groups

Key Takeaways

Survey Scope and Methodology

A national study released in 2025 provides updated data on gambling behavior across Germany. Researchers gathered 12,340 responses from residents aged 16 to 70. Data collection took place between August 4 and November 26, 2025, using a combination of phone interviews and online panels.

The project received funding from Deutscher Lotto und Totoblock. Academic oversight was provided by researchers from the Institute for Interdisciplinary Addiction and Drug Research, working together with the gambling research unit of the University of Bremen. The study examined participation rates, spending patterns, and potential risks associated with different gambling products.

By combining survey data with established diagnostic criteria, the researchers aimed to measure not only how many people gamble, but also how gambling behavior overlaps with indicators of problematic play and other financial activities.

Participation Rates Remain Relatively Stable

According to the survey, 36.4% of respondents reported that they had participated in gambling at least once within the previous year. The study notes that overall participation levels remain relatively steady compared with 2021.

This figure covers a broad range of gambling products, although the survey summary does not break down participation by specific vertical such as lotteries, sports betting, or online casino gaming. The findings indicate that more than one in three adults in the surveyed age group engaged in some form of gambling activity during the period under review.

For users of betting and iGaming platforms, the data confirms that gambling continues to represent a mainstream leisure activity in Germany, with stable overall engagement over recent years.

2.2% Meet Criteria for Gambling Disorder

Beyond participation, the study assessed the prevalence of gambling disorder using criteria from the Diagnostic and Statistical Manual of Mental Disorders, Fifth Edition, commonly referred to as DSM-5.

Among adults aged 18 to 70, 2.2% meet the diagnostic criteria for gambling disorder. This measure is based on standardized clinical indicators rather than self assessment alone. The use of DSM-5 criteria provides a structured framework for identifying problematic gambling behavior.

The survey also examined behavioral patterns among players and explored overlaps between gambling activity and speculative financial trading. While detailed figures on this overlap were not provided in the summary, the inclusion of this topic reflects a broader research interest in how risk oriented financial behavior may intersect with gambling participation.

Younger Adults and Multi Product Users Show Higher Vulnerability

The data highlights specific groups with elevated vulnerability. Younger adults aged 18 to 35 show higher levels of risk, particularly men within this age bracket. In addition, individuals who use several gambling products are identified as a group with increased exposure to potential harm.

The survey does not quantify the exact rate of gambling disorder within these subgroups, but it points to a clear pattern of higher susceptibility compared with the general adult population. For operators and users alike, this distinction is relevant because it underscores how risk levels may differ depending on age, gender, and breadth of product engagement.

Understanding which demographic segments show higher vulnerability can inform discussions about player protection tools and responsible gambling measures.

Role of the OASIS Self Exclusion Register

The study references OASIS, a nationwide self exclusion register in Germany. OASIS allows individuals to block their access to gambling services across participating providers.

Self exclusion systems such as OASIS are designed to offer a formal mechanism for players who want to limit or stop their gambling activity. While the survey summary does not provide data on the number of registered users or the effectiveness of the system, its mention indicates that player protection infrastructure forms part of the broader regulatory environment assessed by researchers.

For users comparing gambling platforms in Germany, the existence of a centralized self exclusion register is a structural feature of the market that can directly affect access to licensed services.

Our Assessment

The 2025 national survey shows that gambling participation in Germany remains widespread, with 36.4% of adults reporting activity in the previous year. At the same time, 2.2% of adults aged 18 to 70 meet DSM-5 criteria for gambling disorder, and younger adults aged 18 to 35, particularly men and multi product users, display higher vulnerability.

Based on 12,340 responses collected through phone and online surveys, and conducted by established research institutions, the findings provide an updated statistical snapshot of gambling behavior and associated risks in Germany. The inclusion of diagnostic criteria and reference to the OASIS self exclusion register places participation figures in the context of player protection and risk monitoring within the German market.

Crypto Industry Calls for Unified AML Standards – Blockchain Transparency Framed as Tool Against Illicit Finance

Key Takeaways

Blockchain Transparency Positioned as Structural Advantage

In an opinion article published by Cointelegraph, Ana Carolina Oliveira, chief compliance officer at Venga, states that cryptocurrencies should not be viewed as uniquely prone to money laundering when compared with traditional finance. She argues that illicit fund transfers are a general issue linked to the movement of money, regardless of whether transactions occur in fiat systems or on blockchain networks.

According to the article, blockchain technology records transactions permanently. This creates an auditable trail that can allow investigators to trace financial flows from origin to destination when suspicious activity occurs. The author contrasts this with traditional finance, where a large share of money laundering is believed to go undetected.

For users of crypto platforms, including exchanges and gambling services that accept digital assets, transaction traceability forms part of the compliance framework that determines how funds are monitored and assessed. The transparency of public ledgers is described as a structural feature that can support anti money laundering efforts when combined with appropriate oversight.

Limits of Current AML Frameworks Across CeFi and DeFi

The article states that the broader anti money laundering system must evolve across centralized finance and decentralized finance environments. While blockchain data is publicly accessible, individual exchanges and platforms do not have full visibility into all onchain activity. Each entity operates with limited insight into transactions that occur beyond its own user base.

Oliveira notes that existing tools such as wallet screening, onchain analytics and the Travel Rule already form part of the compliance architecture. The Travel Rule requires identifying information to accompany certain crypto transfers, comparable to identification systems used in traditional banking networks.

However, the implementation burden falls largely on private companies. The article highlights that regulators have set requirements but left the development of technical infrastructure and integration to the industry. In a sector characterized by companies operating across multiple jurisdictions, this creates complex compliance obligations.

For operators in sectors such as crypto betting and online casinos, these fragmented standards can translate into varying onboarding processes, transaction checks and reporting duties depending on the country of operation.

EU AML Regulation and Cross Border Gaps

The opinion references the recently published European Union AML Regulation, identified as Regulation EU 2024/1624. While the regulation sets out rules affecting the crypto sector, the author argues that practical implementation and coordination remain critical challenges.

Different thresholds and requirements in the United States, the European Union and Asian jurisdictions are described as creating inconsistencies in information sharing, due diligence and Travel Rule enforcement. According to the article, these differences create loopholes that can be exploited by bad actors who shift activity toward less stringent environments.

The difficulty of identifying the owners of self hosted wallets is presented as a key issue. Blockchain addresses are pseudonymous, and additional tools such as mixers can obscure the source of funds. In such cases, determining the origin and ownership of assets becomes more complex for compliance teams.

For international users who move funds between exchanges, betting platforms or wallets across borders, these regulatory differences can affect how transactions are processed and what identification requirements apply.

Industry Cooperation as Proposed Response

A central argument in the article is that greater communication and structured information sharing across the crypto industry are necessary to strengthen anti money laundering defenses. The author calls for collaboration between exchanges, platforms, financial intelligence units and traditional financial institutions.

The article suggests that a global compliance standard applied consistently across jurisdictions would reduce gaps. At the same time, it acknowledges the difficulty of achieving regulatory alignment across regions.

The proposed approach emphasizes closing loopholes while preserving what the author describes as financial freedom in crypto markets. The argument is that harmonized compliance could reduce friction for legitimate users by minimizing the need to navigate different regulatory requirements when switching platforms or regions.

Implications for Crypto Market Participants

The opinion frames anti money laundering measures not as a constraint on crypto markets, but as a structural requirement for long term development. It states that mastering both technical tools and inter platform communication is necessary to move from low tolerance to no tolerance of illicit activity.

For crypto exchanges, sportsbooks and online gambling operators that accept digital assets, compliance frameworks directly affect customer onboarding, transaction monitoring and cross platform transfers. Regulatory clarity and standardized processes can influence operational costs and user experience.

As policymakers continue to refine rules and as industry participants develop shared systems, the balance between transparency, privacy and regulatory compliance remains a central issue in the crypto ecosystem.

Our Assessment

The opinion article published by Cointelegraph presents blockchain transparency and industry cooperation as key components in addressing money laundering risks in crypto markets. It highlights the role of Regulation EU 2024/1624 and the Travel Rule while pointing to cross border inconsistencies and implementation challenges. For international users and operators, the discussion underscores how evolving compliance standards shape transaction monitoring, information sharing and platform requirements across jurisdictions.

US Treasury Sanctions Alleged North Korea IT Fraud Facilitators – 21 Crypto Addresses Added to OFAC List

Key Takeaways

US Treasury Targets Alleged Facilitators of North Korea IT Worker Network

The US Department of the Treasury has imposed sanctions on six individuals and two entities accused of facilitating an IT worker fraud scheme linked to North Korea. The measures were announced by the Office of Foreign Assets Control, which oversees US sanctions enforcement.

According to the Treasury, the sanctioned network operated across North Korea, Vietnam, Laos and Spain. Authorities allege that the scheme generated revenue for North Korea’s weapons program.

The sanctions freeze any US-based assets connected to the named individuals and entities. They also prohibit US persons and businesses from engaging in financial transactions or other dealings with them. Violations can result in civil and criminal penalties.

Named Entities and Individuals

Among the sanctioned entities is Amnokgang Technology Development Company, described as a North Korean firm accused of managing overseas IT workers. The Treasury also sanctioned Nguyen Quang Viet, identified as the CEO of Quangvietdnbg International Services Company Limited, a Vietnam-based company.

Authorities allege that Nguyen Quang Viet’s company laundered 2.5 million US dollars through cryptocurrency on behalf of the network. In addition, five individuals were designated for their alleged roles in the IT worker operations: Do Phi Khanh, Hoang Van Nguyen, Yun Song Guk, Hoang Minh Quang and York Louis Celestino Herrera.

All listed persons and entities are now subject to US sanctions restrictions, including asset freezes and transaction bans involving US jurisdictions.

21 Cryptocurrency Addresses Added Across Ethereum and Tron

As part of the enforcement action, OFAC included 21 cryptocurrency addresses in its sanctions designation. The addresses span the Ethereum and Tron blockchains.

Blockchain analytics firm Chainalysis stated that the inclusion of addresses on multiple networks reflects what it described as North Korea’s increasingly multi-chain approach to moving funds. By designating specific wallet addresses, authorities aim to limit the ability of sanctioned actors to transact in digital assets through compliant platforms and intermediaries.

For cryptocurrency exchanges, payment processors and other digital asset businesses, the addition of wallet addresses to the sanctions list requires updated compliance screening. Businesses operating internationally, including those serving crypto betting and iGaming platforms, must ensure that they do not process transactions linked to sanctioned addresses.

Fraudulent IT Worker Schemes Target Blockchain Companies

The Treasury action follows reports that fraudulent IT workers with alleged ties to North Korea have targeted a wide range of industries. Blockchain companies have been among the affected sectors.

An April 2025 report by Google found that the infrastructure supporting these schemes had spread worldwide. According to Chainalysis, the operations rely on stolen identities and fabricated personas to obtain employment with legitimate companies.

Beyond receiving salaries under false pretenses, some workers have allegedly introduced malware into company networks. Chainalysis stated that this tactic has been used to extract proprietary and sensitive information. The firm described the IT worker schemes as a sophisticated and growing threat.

For companies handling cryptocurrency transactions, including exchanges and service providers connected to online gambling platforms, such tactics raise operational and compliance risks. Screening counterparties against updated OFAC sanctions lists and monitoring for unusual payment patterns form part of standard risk management procedures when new designations are issued.

Compliance Implications for Crypto and iGaming Businesses

The addition of individuals, entities and wallet addresses to the OFAC sanctions list has direct consequences for businesses that interact with US financial systems or serve US customers. Any assets within US jurisdiction linked to the sanctioned parties are blocked.

Crypto businesses must ensure that they do not facilitate transactions involving the 21 listed addresses on Ethereum and Tron. Failure to comply with sanctions requirements can expose companies to enforcement action.

For international users of crypto betting and iGaming platforms, sanctions actions can affect the availability of certain payment routes or counterparties if platforms adjust their compliance controls. Operators typically respond by updating internal blacklists, transaction monitoring systems and onboarding procedures.

Our Assessment

The US Treasury’s sanctions designate six individuals, two entities and 21 cryptocurrency addresses connected to an alleged North Korea-linked IT worker fraud network. The measures freeze US-based assets and prohibit transactions with US persons. The case highlights how authorities are targeting both individuals and blockchain wallet addresses in response to schemes that have affected multiple industries, including blockchain companies.

Gondi Disables Sell & Repay Contract After $230,000 NFT Exploit – Platform Says Core Functions Remain Secure

Key Takeaways

Exploit Targeted Sell & Repay Smart Contract

Gondi, an NFT lending protocol, reported that a hacker exploited its Sell & Repay smart contract, resulting in the theft of approximately $230,000 worth of nonfungible tokens. According to the company, the affected contract allows borrowers to sell escrowed NFTs and automatically repay outstanding loans on the platform.

The incident occurred at around 8:12 am UTC, when 78 NFTs were transferred out of the protocol. Data from Ethereum block explorer Etherscan confirms the timing and number of assets involved. Blockchain security platform Blockaid estimated the total damage at $230,000.

Gondi stated that it has since disabled the faulty contract. The company also clarified that no other part of its infrastructure was impacted by the exploit.

Updated Contract Had Been Deployed in February

Gondi noted that an updated version of the Sell & Repay contract had been deployed on Feb. 20. The company did not provide technical details on how the attacker was able to exploit the contract following that update.

At the time of reporting, a new fix for the Sell & Repay contract had not yet been deployed. The vulnerable component remains disabled while the company works on remediation.

Despite the incident, Gondi stated that users can continue to engage with other core functions of the platform. These include repaying, renegotiating, and refinancing loans, starting new loans, and buying, selling, trading, and listing NFTs.

Security Review Conducted by Blockaid and Independent Auditor

Following the exploit, Gondi said that both Blockaid and an independent auditor reviewed the platform. According to the company, the review concluded that the system is safe to use in its current state, excluding the disabled contract.

The company emphasized that its focus has shifted to compensating affected users. This includes direct engagement with NFT owners who suffered losses during the exploit.

Blockchain security firms such as Blockaid typically analyze smart contract behavior and transaction patterns to identify vulnerabilities or malicious activity. In this case, Blockaid not only estimated the financial damage but also tracked the movement of stolen NFTs.

Community Efforts Lead to Partial NFT Recovery

Blockaid reported that the attacker had begun selling some of the stolen NFTs. However, members of the NFT community were able to recover and return several assets. Gondi identified recovered items including Doodle, Aluminum Gazer, Lil Pudgy, and Servant of the Muse NFTs.

The company added that discussions are ongoing regarding additional items, including NFTs from the Taxmen collection.

Crypto researcher Tinoch reported that one user, identified by the wallet address 0x8d1…47051, lost approximately $108,000 worth of NFTs. This amount represents nearly half of the total value stolen in the exploit.

Compensation Through Comparable NFT Purchases

Gondi stated that it has already purchased comparable items from the same NFT collections as those stolen and transferred them to affected owners. The company acknowledged that these replacements are not the exact same tokens but described them as a fair and meaningful resolution.

The process of compensation is ongoing. Gondi said it will continue acquiring comparable NFTs for any remaining cases and coordinate directly with each impacted user.

This approach reflects the structure of NFT markets, where individual tokens within the same collection can vary in traits and value. By purchasing items from the same collections, Gondi aims to restore users to a comparable position prior to the exploit.

Operational Continuity After the Incident

According to Gondi, activities unrelated to the disabled Sell & Repay contract remain operational. Users can continue to manage loans and trade NFTs on the platform.

The incident highlights the operational risks associated with smart contract based lending mechanisms. In NFT lending models, escrowed assets are typically locked in contracts that automate collateral management and repayment processes. A vulnerability in one such contract can expose user assets if exploited.

In this case, Gondi maintains that the vulnerability was isolated and that broader platform functionality was not compromised.

Our Assessment

The exploit resulted in the theft of 78 NFTs valued at approximately $230,000 and was limited to Gondi’s Sell & Repay smart contract. The company disabled the affected contract, conducted a review with Blockaid and an independent auditor, and began compensating users through the purchase of comparable NFTs. Other platform functions remain active while remediation of the contract continues.

Flow Foundation Files Court Motion to Halt Korean Exchange Delistings – Legal Action Follows Security Incident and Sharp Token Decline

Key Takeaways

Flow Foundation Seeks Court Intervention Over Korean Delistings

Flow Foundation and its parent company Dapper Labs have filed a motion with the Seoul Central District Court to suspend the termination of trading support for the FLOW token on three major South Korean exchanges. The application targets decisions by Upbit, Bithumb, and Coinone, which announced on February 12 that they would end FLOW trading support effective March 16.

The court reviewed the application on March 9 and will determine the next procedural steps. The legal move comes after Korean exchanges halted trading following a security incident that affected the Flow blockchain in December.

For users in South Korea, the outcome of the court review will determine whether FLOW remains accessible on the affected platforms. At present, Korbit continues to support FLOW trading in the country.

December Security Incident Led to Trading Suspensions

Flow, a layer-1 blockchain, experienced a security incident in December when an attacker exploited a vulnerability in the network. The flaw allowed certain assets to be duplicated rather than minted through standard supply controls. As a result, tokens could be created outside the intended issuance process.

According to the Foundation, the exploit led to $3.9 million in duplicated tokens. The organization stated that no user funds were compromised and that the counterfeit tokens were permanently destroyed. The attacker did not access or drain existing user balances.

Despite these remediation measures, several exchanges suspended FLOW trading due to concerns about the impact of duplicate tokens on asset value and overall network trust. The Korean exchanges later moved toward full delisting, prompting the current legal challenge.

Global Exchanges Continue to List FLOW

While Korean platforms announced plans to terminate support, Flow Foundation stated that major global exchanges have independently reviewed the situation and restored full FLOW services.

The Foundation reported that FLOW remains available on Coinbase, Kraken, OKX, Gate.io, HTX, Binance, and Bybit. It also emphasized its commitment to maintaining open access to FLOW in every market.

For international users, this means that despite regional trading suspensions in South Korea, the token continues to be listed and tradable on multiple large exchanges. The differing approaches between Korean exchanges and global platforms highlight how individual venues respond independently to security incidents.

Token Price and Ecosystem Metrics Show Sharp Declines

Market data indicates that FLOW has faced significant price pressure since the December incident. The token has fallen 75% since late December and is currently trading at $0.043.

The longer term performance shows a more substantial decline. FLOW is down 99.9% from its 2021 all-time high of $42, according to CoinGecko data cited in the report.

On-chain activity metrics have also contracted. Total value locked on the Flow platform has decreased 82% to $21 million since its November 2025 peak, according to DeFiLlama. Data referenced in the report shows that TVL losses accelerated following the security incident.

The broader non-fungible token market has also contracted significantly. Total NFT market capitalization has declined 92% from a mid-2022 peak of around $17 billion to approximately $1.4 billion today, according to CoinGecko.

Flow’s Background and Ecosystem Development

Dapper Labs, known as the creator of the NFT project CryptoKitties, announced the development of Flow in 2019. The blockchain was designed as a new layer-1 network intended to address scalability challenges in Web3 games and digital collectibles.

According to the Foundation, the Flow ecosystem continues to develop, with brands including Disney, the NBA, the NFL, and Ticketmaster actively building on the blockchain.

The recent legal and market developments, however, have placed renewed attention on the network’s stability and token performance. Exchange support remains a critical factor for liquidity and accessibility, particularly in markets where local platforms play a dominant role in trading activity.

Our Assessment

Flow Foundation’s court filing represents a direct response to planned delistings by three major South Korean exchanges following a December security incident. Although the duplicated tokens were destroyed and no user funds were compromised, the event led to trading suspensions and a significant decline in FLOW’s market value and total value locked.

At the same time, the token remains listed on several major global exchanges, and Korbit continues to support trading in South Korea. The court’s decision will determine whether FLOW maintains access to the affected Korean platforms ahead of the announced March 16 termination date.

Iran Bitcoin Outflows Reach $10.3 Million After US-Israel Airstrikes – On-Chain Data Points to Capital Flight and Self-Custody Shift

Key Takeaways

Airstrikes in Tehran Trigger Immediate Spike in Crypto Withdrawals

On February 28, 2026, US-Israeli airstrikes hit key targets in Tehran, including nuclear facilities, missile sites, and the Pasteur district. Reports later confirmed the death of Supreme Leader Ayatollah Ali Khamenei and other senior officials.

In the hours following the strikes, on-chain data showed a marked increase in cryptocurrency activity. According to data compiled by Chainalysis, approximately $10.3 million in crypto assets flowed out of Iranian exchanges between February 28 and March 2. The timing of these withdrawals coincided with the immediate aftermath of the military action.

Chainalysis previously analyzed Iran’s $7.8 billion crypto ecosystem and found that trading volumes and withdrawals tend to rise during periods of domestic unrest and geopolitical shocks. The latest outflows follow that established pattern, with blockchain data showing a sharp increase in transactions soon after the strikes.

Nobitex Records 700 Percent Outflow Surge

Elliptic, a blockchain analytics firm, reported that Nobitex, Iran’s largest cryptocurrency exchange, experienced a 700 percent jump in outflows within minutes of the first airstrikes. Nobitex plays a central role in Iran’s digital asset market, serving more than 11 million users and processing $7.2 billion in crypto transactions in 2025.

The exchange provides a direct channel for converting Iranian rials into cryptocurrencies and transferring funds to external wallets. According to Elliptic, many of the withdrawn funds were traced to overseas exchanges that have historically received inflows from Iran. This pattern indicates that users sought to move capital beyond the domestic financial system following the escalation.

The surge at Nobitex was more pronounced than the broader market movement, highlighting the exchange’s importance as a liquidity hub for Iranian crypto users.

Three Main Drivers Identified by Chainalysis

Chainalysis outlined three plausible explanations for the increase in outflows from Iranian exchanges.

First, individual users appear to have transferred assets from centralized exchanges to personal wallets. In previous periods of unrest, including protest waves in 2025, bitcoin withdrawals to self-custodial wallets increased as citizens sought to maintain control over their funds. The February 28 activity reflects a similar pattern, with users moving assets amid concerns about instability and potential restrictions.

Second, exchanges themselves may have shifted funds between wallets. Chainalysis noted that operational fund cycling can occur to manage liquidity or obscure internal activity. This practice gained urgency after a 2025 hack of Nobitex in which more than $90 million in assets were stolen. In times of crisis, exchanges may increase internal transfers to maintain operational resilience.

Third, some transfers could involve state-aligned actors using domestic platforms for cross-border trade, sanctions evasion, or proxy financing. Chainalysis stated that distinguishing between retail-driven outflows and state-linked activity requires deeper wallet-level analysis over time. In the immediate aftermath of the strikes, the motives behind individual transactions remain difficult to separate.

Parallels With Earlier Protest-Driven Withdrawals

The recent spike resembles patterns observed earlier in 2026. During anti-regime protests in January, bitcoin withdrawals from Iranian exchanges surged in anticipation of government-imposed internet blackouts. Activity then plateaued while connectivity restrictions were in place and resumed once access was restored.

The February 28 airstrikes appear to have triggered a comparable sequence. Outflows climbed sharply following the attacks, reflecting a rapid response by users to geopolitical developments. Past data cited by Chainalysis shows that Iranian crypto activity often responds directly to domestic events, with increases in both trading volumes and withdrawals during periods of uncertainty.

Implications for Users Moving Funds Internationally

Elliptic’s tracing of funds to overseas exchanges indicates that a portion of the capital left Iranian platforms for foreign destinations. For users, this means that centralized exchanges inside the country served as a bridge between the domestic currency and international crypto markets.

Nobitex’s transaction volume of $7.2 billion in 2025 underlines its role in facilitating such flows. With more than 11 million users, movements on this platform can materially affect on-chain activity levels linked to Iran.

For international observers, including users of crypto-based financial and betting platforms, the data illustrates how geopolitical events can rapidly influence exchange balances, wallet transfers, and cross-border crypto flows. On-chain analytics firms such as Chainalysis and Elliptic provide transaction-level visibility into these shifts, though attribution of motives remains complex.

Our Assessment

On-chain data from Chainalysis and Elliptic shows that the February 28, 2026 airstrikes in Tehran were followed by a measurable increase in cryptocurrency outflows from Iranian exchanges, totaling about $10.3 million within days. Nobitex recorded a 700 percent surge in withdrawals, with funds traced in part to overseas exchanges. The activity aligns with previously documented patterns in Iran, where domestic unrest and geopolitical shocks coincide with higher trading volumes and increased transfers to self-custody and foreign platforms. The data highlights the responsiveness of Iran’s crypto ecosystem to sudden political and military developments.

February Crypto Losses Fall to $26.5 Million – Lowest Monthly Total Since March 2025

Key Takeaways

February Losses Drop to Lowest Level in Eleven Months

Crypto hacks and scams resulted in $26.5 million in losses in February, according to blockchain security firm PeckShield. The figure represents the lowest monthly total recorded since March 2025.

PeckShield reported that 15 incidents were identified during the month. However, only two cases accounted for the majority of total losses. Compared with January, when losses exceeded $86 million, February’s total marks a 69.2% month on month decrease.

For users of crypto platforms, including exchanges, lending protocols and crypto enabled gambling services, the scale of exploit related losses is a key risk indicator. Lower aggregate losses do not eliminate operational risk, but they reflect a reduced financial impact from security incidents over the reporting period.

Two Major Exploits Account for Most of the Damage

The largest single incident in February was a $10 million theft from YieldBlox’s DAO managed lending pool. According to PeckShield, the attack involved price manipulation and occurred on Feb. 21.

On the same day, the decentralized identity protocol IoTeX suffered the second largest exploit of the month. Approximately $8.9 million was lost in what PeckShield described as a private key exploit.

Together, these two incidents accounted for the majority of the $26.5 million total. The remaining 13 incidents were comparatively smaller in scale. The concentration of losses in a limited number of cases contrasts with months that include so called mega hacks, where a single large scale breach significantly inflates total losses.

Fewer Mega Hacks and Market Volatility Influenced the Decline

A spokesperson for PeckShield told Cointelegraph that February did not see mega hacks comparable to the $1.5 billion Bybit hack that occurred in February 2025. The absence of such large scale events contributed to the lower overall figure.

PeckShield also linked the decline to broader market conditions. A sharp market correction in early February saw Bitcoin dip below $70,000. According to the firm, this shift redirected industry focus toward institutional deleveraging and mathematically driven sell offs.

During periods of heightened volatility, attention often moves away from exploiting protocol vulnerabilities and toward managing liquidity risks. In this environment, exploit activity can temporarily cool as market participants prioritize capital preservation and risk management.

For crypto users, including those funding betting accounts or holding balances on platforms, market volatility can therefore influence not only asset prices but also the operational threat landscape.

Security Controls and Monitoring Frameworks Show Signs of Maturation

Dominick John, an analyst at Kronos Research, told Cointelegraph that tighter risk controls and stronger counterparty standards may also have contributed to the decline in losses.

According to John, capital is becoming more selective, favoring protocols with more mature security frameworks. He pointed to improvements in audits, real time monitoring and institutional risk frameworks as factors that could support a continued reduction in losses if standards keep pace with ongoing innovation.

John also noted that artificial intelligence may play an increasing role in crypto security. AI driven tools can support automated code reviews, anomaly detection and pre deployment attack simulations. These measures aim to identify vulnerabilities earlier in a protocol’s lifecycle.

While these developments indicate structural improvements in how risks are managed, the ecosystem remains fast moving, and security requirements continue to evolve alongside new products and technical features.

Phishing Remains a Persistent Threat Despite Lower Wallet Drainer Losses

Although overall hack related losses declined in February, phishing continues to present a significant risk. PeckShield reported that losses tied to wallet drainer attacks dropped sharply in 2025, from $494 million to $83.85 million.

Even with that reduction, the firm described phishing as the most persistent threat vector. Rather than targeting smart contract code, attackers increasingly focus on manipulating individuals to gain access to sensitive information, including private keys and wallet credentials.

PeckShield emphasized the importance of multi signature cold storage solutions and strict protection of wallets and private keys, particularly for institutions and large holders. For individual users, including those interacting with crypto betting and gaming platforms, phishing risks often arise through impersonation attempts and fraudulent communications.

Our Assessment

PeckShield’s data shows that February’s $26.5 million in crypto related losses marks the lowest monthly level since March 2025 and a substantial decrease from January. The absence of mega hacks, combined with a period of market correction and volatility, coincided with reduced aggregate losses. At the same time, two incidents accounted for most of the damage, and phishing remains a persistent method of attack. The figures indicate a month of comparatively lower financial impact from exploits, while structural security challenges continue to shape the risk environment for crypto users and platforms.