CertiK: Deepfakes, Phishing, Supply-Chain Threaten 2026 Hacks
CertiK warns deepfakes, phishing, supply-chain compromises and cross-chain failures could drive major crypto hacks in 2026 after more than $600M lost so far, including a $293M Kelp DAO exploit.
CertiK researchers identified real-time deepfakes, phishing, supply-chain compromises and cross-chain messaging failures as likely drivers of major crypto hacks in 2026. The firm said the industry has lost more than $600 million so far this year, including a $293 million exploit of Kelp DAO and a separate $280 million loss at the Drift Protocol in April.
Natalie Newson, a senior blockchain investigator at CertiK, highlighted the April incidents as examples of how a single trust failure in cross-chain infrastructure or a compromised vendor can produce rapid, large losses. She pointed to the Kelp DAO exploit as tied to a single point-of-trust failure in cross-chain messaging systems.
Newson reported that several high-value thefts in 2026 have links to North Korea-affiliated actors. She noted one long-running campaign that used AI-generated content in social engineering against a crypto wallet provider, leading to roughly $100,000 taken from hot wallets in mid-April.
She warned, “There are now more convincing deepfakes, autonomous attack agents, and ‘agentic AI’ that can autonomously scan smart contracts for bugs, draft exploit code and execute attacks at machine speed.” Security teams have also observed marketplaces selling tools that attempt to defeat identity checks using deepfakes and voice manipulation, raising the risk of fraud and account takeovers.
CertiK outlined defensive uses of AI as well. Automated scanning tools and an increase in bug-bounty submissions have helped identify vulnerabilities more quickly. Some security teams are testing advanced models to surface bugs before attackers can exploit them.
The firm’s data show a rise in the size and impact of breaches. CertiK reported $3.3 billion in crypto thefts for 2025, with supply-chain breaches accounting for about $1.45 billion of that total, including a single $1.4 billion incident earlier in the year. The average size of a crypto hack rose to $19.5 million in 2025.
Regulatory action has followed the trend in threats. On April 9, the U.S. Department of the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection expanded a cybersecurity threat identification program to include digital asset firms, increasing government attention on operational risk and third-party dependencies in the sector.
To reduce exposure, Newson recommended that investors verify the authenticity of URLs and smart contracts to guard against phishing and consider moving assets not used regularly into cold wallets so private keys are not exposed online. She urged crypto platforms to reduce single points of trust in cross-chain systems, strengthen vendor vetting and auditing of integrations, expand use of defensive AI tools, and participate more in coordinated disclosure and bug-bounty programs to identify vulnerabilities before they are exploited.
CertiK’s timeline of incidents and its investigator’s recommendations describe current attack methods and defensive steps available to firms and holders. The company’s findings include specific incident totals, links between attacks and infrastructure failures, and examples of social engineering that used AI-driven content.