Retail Crypto Falls 11%; Bitcoin ETFs Draw $1.9B, Hacks Loom

TRM Labs reported that global retail crypto activity fell 11% year-over-year in the first quarter, with retail volumes dropping to $979 billion. The decline was the second consecutive quarterly contraction and the largest pullback since the 2022 bear market. TRM cited a stronger U.S. dollar, higher interest rates and a broader risk-off environment as factors that reduced retail participation. Bitcoin fell about 22% during the quarter after peaking above $126,000 in late 2025. TRM noted that Turkey and several emerging markets showed relative resilience.

U.S.-listed spot Bitcoin exchange-traded funds recorded a seven-day net inflow streak totaling roughly $1.9 billion, with one day in the period posting $335.8 million in inflows, according to Farside data. That seven-day total topped a prior streak in March that amounted to about $1.2 billion. Wallet Pilot data shows U.S. spot Bitcoin ETFs hold about 1.3 million BTC, roughly $103 billion in assets under management. BlackRock’s iShares Bitcoin Trust (IBIT) accounted for about $1.4 billion of the seven-day inflows, or more than 73% of the total, and holds approximately 809,870 BTC, about 62% of the sector’s AUM. Bitcoin rose about 11% over the prior 30 days and briefly topped $79,000.

CertiK identified four likely drivers of major hacks in 2026: phishing, real-time deepfake-enabled social engineering, supply-chain compromises and vulnerabilities in cross-chain bridges and messaging systems. Natalie Newson, senior blockchain investigator at CertiK, warned that accelerated use of artificial intelligence could worsen certain crypto attacks and stated, “In some aspects, the acceleration of AI will only worsen crypto attacks.”

The industry recorded more than $600 million in thefts so far in 2026. Two April incidents linked to North Korea-affiliated actors accounted for large losses: a $293 million exploit of Kelp DAO tied to a single point-of-trust failure in the cross-chain messaging infrastructure of LayerZero, and an approximately $280 million exploit of the Drift Protocol. Investigators also reported that North Korea-linked actors used AI tools in a long-running social engineering campaign that took about $100,000 from hot wallets connected to a crypto wallet service in mid-April. TRM Labs reported that the average size of crypto thefts rose to about $19.5 million per incident in 2025.

Security firms and project teams have emphasized tighter controls over bridge trust models, third-party code dependencies and wallet safety practices in response to evolving technical and social-engineering threats.