Crypto hacks fell 47% in H1 but ecosystem is no safer: CertiK
window 24h
IN SHORT
Crypto hacks saw a significant drop in the first half of 2026, with losses falling by 46.8% to $1.32 billion. Despite this decrease, security experts warn that the ecosystem remains vulnerable. Sophisticated attackers, including North Korean state actors, are employing more destructive methods like wallet compromises and phishing. In a separate incident, Summer.fi's Lazy Summer Protocol was targeted by a suspected flash loan exploit, resulting in an estimated $6 million loss primarily in DAI, exploiting a known vulnerability in ERC-4626-style vaults.
✉Newsletter
PiQ Daily
Pick your topics. Get only what matters, on your cadence.
Key Numbers
46.8%crypto hack losses decrease H1 2026
$1.32 billiontotal crypto losses H1 2026
$65.4 millionflash loan amount used in Summer.fi exploit
$6 millionestimated amount stolen from Summer.fi
Who's Involved
CertiK
blockchain security firm reporting on crypto hacks
Total crypto losses in H1 2026 were $1.32 billion.
Sophisticated attackers, including North Korean state actors, are driving exploits.
Wallet compromises and phishing are key attack vectors.
Summer.fi's Lazy Summer Protocol was targeted by a suspected flash loan exploit.
An attacker used a $65.4 million loan to manipulate vault accounting.
Approximately $6 million was stolen from Summer.fi, primarily in DAI.
The exploit targeted an ERC-4626-style vault, a known vulnerability.
In the first half of 2026, cryptocurrency hacks experienced a substantial decline, with reported losses decreasing by 46.8% year-on-year to $1.32 billion. However, blockchain security firm CertiK cautions that this reduction in financial losses does not indicate an improvement in the overall safety of the crypto ecosystem. The firm highlights that sophisticated threat actors, including state-sponsored groups from North Korea, are increasingly responsible for more destructive exploits. Key attack vectors identified include wallet compromises and phishing schemes, which are proving effective against users and platforms.
In a more recent development, the decentralized finance (DeFi) platform Summer.fi has been targeted by a suspected flash loan exploit. The incident, which affected Summer.fi's Lazy Summer Protocol, involved an attacker leveraging a $65.4 million flash loan. This large loan was used to manipulate the accounting within the protocol's vaults, ultimately allowing the attacker to steal approximately $6 million. The stolen funds were primarily in the DAI stablecoin. Security researchers noted that the exploit specifically targeted an ERC-4626-style vault, a type of smart contract vault that has known vulnerabilities.
The broader context of these exploits underscores persistent security challenges within the cryptocurrency space. While overall financial losses may fluctuate, the nature of attacks is evolving, with attackers becoming more sophisticated and exploiting specific, known weaknesses in smart contract designs. The reliance on complex financial instruments like flash loans and the use of standardized vault implementations, such as ERC-4626, present ongoing risks that require continuous vigilance and robust security measures from developers and users alike.
↳ Why This Matters
In the first half of 2026, cryptocurrency hacks experienced a substantial decline, with reported losses decreasing by 46.8% year-on-year to $1.32 billion. However, blockchain security firm CertiK cautions that this reduction in financial losses does not indicate an improvement in the overall safety of the crypto ecosystem. The firm highlights that sophisticated threat actors, including state-sponsored groups from North Korea, are increasingly responsible for more destructive exploits. Key attack vectors identified include wallet compromises and phishing schemes, which are proving effective against users and platforms.
Frequently asked questions
Total crypto losses in the first half of 2026 fell to $1.32 billion, a 46.8% decrease year-on-year.
The decrease is misleading because the previous year's losses were heavily skewed by a single, massive hack (Bybit). The underlying number of incidents and the sophistication of attacks have increased.
The KelpDAO and Drift Protocol hacks, which accounted for over 70% of Q2 losses, are believed to have been carried out by North Korean state-sponsored hackers.
Phishing drove significant losses in Q1, while wallet compromises were the biggest attack vector in Q2. Private key management is identified as a critical security surface.
What Happens Next
01Authorities continue to discuss strategies to mitigate North Korea's cyber activities.
02Crypto protocols are urged to enhance private key management security measures.
Get the newsletter.
Pick the topics you actually care about. We'll email when there's news worth your time, on the cadence you choose. Cancel any time from your account.