Key facts
- Crypto losses decreased by 46.8% year-on-year to $1.32 billion in the first half of 2026.
- Despite the overall decrease, CertiK warns the crypto ecosystem is not safer due to sophisticated attackers.
- Wallet compromises were the primary attack vector in Q2, contributing to $807.5 million in losses.
- KelpDAO and Drift Protocol hacks, attributed to North Korean state-sponsored hackers, were major contributors to Q2 losses.
- North Korean hackers are estimated to have stolen over $6 billion in crypto since 2017.
- The number of crypto incidents more than doubled in H1 2026 compared to the previous year.
Crypto losses saw a significant year-on-year decrease of 46.8% in the first half of 2026, totaling $1.32 billion. However, crypto security firm CertiK warns that this decline is misleading and the ecosystem remains vulnerable.
Phishing attacks were the primary driver of losses in the first quarter, amounting to $508.2 million. In the second quarter, wallet compromises emerged as the dominant attack vector, contributing to $807.5 million in losses. A substantial portion of these Q2 losses, over 70%, stemmed from the KelpDAO and Drift Protocol exploits, which are attributed to North Korean state-sponsored hackers.
CertiK highlighted that the prior year's figures were skewed by the record $1.4 billion Bybit hack, suggesting that while headline loss figures may decrease, the underlying threat landscape is evolving. North Korean hackers continue to be a major concern, having allegedly stolen over $6 billion in cryptocurrency since 2017, according to TRM Labs.
The severity of these attacks, particularly those linked to North Korea, prompted a meeting between US, Japanese, and South Korean authorities to address malicious cyber activities and illicit revenue generation. Cybersecurity leaders also note the increasing use of AI by North Korean IT workers to enhance their schemes, potentially increasing the scale and sophistication of exploits.
CertiK cautioned that the industry is experiencing a structurally higher rate of attack activity compared to the previous year. Excluding the Bybit incident, attacks are becoming more targeted and financially destructive per event. TRM Labs corroborated this, noting that the reduction in total dollars stolen does not indicate a safer environment but rather the absence of another record-breaking theft. TRM's analysis revealed a more than doubling of incidents in H1 2026, with smart contract exploits accounting for 60% of these events.
CertiK emphasized that private keys and multisignature wallet management remain critical security vulnerabilities. The firm urged crypto protocols and institutions to strengthen all layers of private key management, including hardware security, governance, and geographic distribution of signers, stating that security investments in this area yield asymmetric returns.