In the first six months of 2026, the crypto industry suffered losses of $1.32 billion due to security incidents, according to a report by CertiK. This marks a 46.8% decrease year-over-year.
The CertiK Hack3d: H1 2026 Report is out.
At first glance, losses appear down 46.8%.
But the numbers can be misleading.
Remove one historic outlier, and H1 2026 losses were actually ~28% higher than the comparable period a year earlier.
The report explores the trends behind… pic.twitter.com/JZBabW6nzO
— CertiK (@CertiK) July 6, 2026
Analysts noted that the comparison with 2025 is skewed by the $1.4 billion hack of Bybit. Without this incident, the decline in losses would appear less significant.
According to the company, attacks are becoming more targeted, with the damage from major incidents increasing. In Q2 2026, losses surged by 59% compared to the previous quarter, reaching $807.5 million.
Source: CertiK. Source: CertiK.The primary contributors to the increase in losses during Q2 were attacks on KelpDAO and Drift Protocol, which accounted for over 70% of the quarterly damage, according to CertiK.
Source: CertiK.Analysts pointed out that phishing was the largest source of damage in Q1, while wallet compromises led in Q2. Notably, some major incidents, including Drift, combined social engineering with administrative procedure hijacking, rather than just simple key theft.
CertiK recommended enhancing the security of hardware infrastructure, signature management, and access procedures. Key measures include protecting private keys, distributing signers across different jurisdictions, and implementing additional controls for large transfers.
TRM Labs estimated the crypto industry's losses for the first half of the year at $972 million, less than half of the $2.3 billion reported for the same period in 2025. The discrepancy may be due to CertiK's broader definition of Web3 security incidents, which includes hacks, scams, and exploits.
According to TRM Labs, there were 207 separate incidents in the first half of the year, a record for any six-month period in their observations. Most incidents involved smart contract hacks, totaling 125 attacks, or about 60% of the total.
Source: TRM Labs.However, the most significant damage came from infrastructure and operational compromises. These attacks constituted about 15% of incidents but accounted for approximately 76% of all losses. Analysts attributed these to compromises of private keys, credentials, transaction signing systems, and other infrastructure managing access to funds.
TRM Labs estimated that North Korean groups are responsible for stealing approximately $643 million, or about 66% of all stolen funds in the first half of 2026. CertiK believes that the attacks on KelpDAO and Drift Protocol were carried out by North Korean hackers.
On June 25-26, delegations from the U.S., Japan, and South Korea discussed in Washington how to counter North Korean cyber activities. The agenda included cryptocurrency theft, money laundering, schemes involving IT workers, and other revenue-generating channels. According to the State Department, the countries aim to enhance coordination against such schemes, as they help finance Pyongyang's programs, including the development of weapons of mass destruction and ballistic missiles.
It is worth noting that in June, analysts from Unfolded and DeFiLlama reported that Q2 2026 set a record for the number of incidents: 83 hacks with a total damage of $755.3 million.
