Crypto hacks fall 47% in H1 but attacks grow more sophisticated

H1 2026 crypto losses fell 46.8% to $1.32B, CertiK reported, but the firm warned attackers are more sophisticated, noting Q1 phishing losses of $508.2M and Q2 wallet losses of $807.5M.

Crypto losses fell 46.8% year on year to $1.32 billion in the first half of 2026, according to a CertiK report. The firm cautioned that the decline in dollars stolen does not indicate weaker attacker capability.

Phishing accounted for $508.2 million in first-quarter losses, while wallet compromises were responsible for $807.5 million in the second quarter. More than 70% of Q2 losses were linked to breaches of KelpDAO and Drift Protocol, incidents investigators attribute to North Korean state-sponsored actors.

The report noted that last year’s totals were inflated by a $1.4 billion exploit of Bybit. CertiK wrote: “A headline reading of ‘losses down nearly 50%’ would suggest a meaningfully safer ecosystem. The data does not support that conclusion.”

An independent analysis by TRM Labs reached a similar conclusion, finding the lower total dollars stolen reflects the absence of another record-setting theft rather than reduced attacker skill. TRM recorded 207 incidents in H1, up from 83 a year earlier, and identified 125 smart contract exploits, about 60% of the total incidents.

The KelpDAO and Drift breaches prompted officials from the United States, Japan and South Korea to meet about measures to counter illicit crypto revenue linked to North Korean actors. TRM estimated in April that those actors have stolen more than $6 billion in crypto since 2017. Officials acknowledged that North Korean IT personnel are increasingly using artificial intelligence to increase the speed and scale of their operations.

CertiK highlighted private keys and multisignature wallet management as the primary security surface exploited by attackers. The report urged protocols and institutions holding large on-chain assets to strengthen hardware security, multisignature governance and to disperse signers geographically. Hardware wallet providers recommend storing seed phrases offline and never sharing them to reduce exposure to phishing.

The report also stated the industry is “absorbing a structurally higher rate of attack activity” and warned that, without another record-scale exploit, aggregate loss figures will understate the growing sophistication of attackers.

The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.

Articles by this author