
In the first six months of 2026, the crypto industry lost $1.32 billion to security incidents, down 46.8% year over year, according to a CertiK report.
The CertiK Hack3d: H1 2026 Report is out.
At first glance, losses appear down 46.8%.
But the numbers can be misleading.
Remove one historic outlier, and H1 2026 losses were actually ~28% higher than the comparable period a year earlier.
The report explores the trends behind… pic.twitter.com/JZBabW6nzO
— CertiK (@CertiK) July 6, 2026
Analysts noted that the comparison with 2025 is skewed by the $1.4 billion Bybit hack. Without it, the decline would look less pronounced.
Attacks are becoming more targeted, and losses per major incident are rising, the company said. In the second quarter of 2026, losses rose 59% from the previous quarter to $807.5 million.


The main contributors to the rise in second-quarter losses were attacks on KelpDAO and Drift Protocol. CertiK said they accounted for more than 70% of the quarter’s losses.

Analysts said phishing was the largest source of losses in the first quarter. In the second quarter, wallet compromises led. Some large incidents, including Drift, may have combined social engineering and hijacking of administrative processes rather than simple key theft.
CertiK recommended strengthening the security of hardware infrastructure, signature management, and fund access procedures. Measures included protecting private keys, distributing signers across different jurisdictions, and adding controls for large transfers.
TRM Labs estimated first-half crypto industry losses lower, at $972 million. That is less than half of the $2.3 billion in the same period of 2025. The difference may be explained by CertiK counting a broader set of Web3 security incidents, including hacks, scams, and exploits.
According to TRM Labs, there were 207 separate incidents over six months — a record for a half-year period in its tracking. Most cases were smart contract hacks — 125 attacks, or about 60% of the total.

However, the largest losses stemmed from infrastructure and operational compromises. Such attacks accounted for about 15% of incidents but roughly 76% of total losses. Analysts included compromises of private keys, credentials, transaction-signing systems, and other infrastructure that governs access to funds.
TRM Labs estimated that DPRK-linked groups were responsible for stealing about $643 million, or around 66% of all funds stolen in the first half of 2026. According to CertiK, North Korean hackers were behind the attacks on KelpDAO and Drift Protocol.
On June 25–26, delegations from the United States, Japan, and South Korea discussed countering DPRK cyber activity in Washington. The agenda included cryptocurrency thefts, money laundering, schemes involving IT workers, and other revenue channels. The State Department said the countries intend to step up coordination against such schemes because they help finance Pyongyang’s programs, including the development of weapons of mass destruction and ballistic missiles.
In June, analysts at Unfolded and DeFiLlama called the second quarter of 2026 a record by number of incidents: 83 hacks with total losses of $755.3 million.
