TRM says 207 crypto hacks hit H1 2026, with North Korea-linked attacks driving about $643M of $972M in losses.
Crypto hackers carried out 207 attacks in the first half of 2026, according to TRM data. That marked the highest number recorded for any six-month period.
Even so, total stolen funds fell to $972 million during H1 2026. The figure was less than half of the $2.3 billion stolen in H1 2025.
The report showed a split between the number of attacks and the value stolen. Smart contract exploits drove most cases, while infrastructure compromises caused most financial damage.
TRM linked about 66% of stolen funds, or roughly $643 million, to North Korea-linked activity. Most of that amount came from two major operations in April.
North Korea-Linked Attacks Drive Largest Losses
TRM said North Korea-linked groups were behind most stolen value in H1 2026. The activity was concentrated in two large attacks involving Drift Protocol and KelpDAO. Together, these incidents accounted for about $577 million in stolen assets.
Attackers carried out 207 crypto hacks in H1 2026 — a record for any six-month period — but total losses fell to USD 972 million, less than half of the USD 2.3 billion stolen in H1 2025. Two distinct patterns explain the divergence.
🔹 Infrastructure compromises made up roughly… pic.twitter.com/lLDiTjmrFM
— TRM Labs (@trmlabs) July 2, 2026
The Drift Protocol attack caused about $285 million in losses, according to the report. KelpDAO suffered about $292 million in a separate April operation. These two cases made up much of the North Korea-linked total for the period.
The figures showed that fewer large attacks can still shape overall crypto theft data. Total losses fell from H1 2025 because no single theft matched the previous year’s record level. However, TRM said the lower dollar amount didn’t show weaker attacker capability.
Smart Contract Exploits Push Incident Count Higher
Smart contract exploits accounted for most crypto hacks during H1 2026. These attacks helped push the incident count from 83 in H1 2025 to 207 in H1 2026. The sharp rise showed that attackers continued to target code across decentralized finance platforms.
However, smart contract exploits made up a smaller share of total stolen value. TRM placed the median loss per hack at about $219,000. The mean loss was about $4.7 million, showing that a few large cases raised the average.
This gap between median and mean losses showed a wide spread in attack size. Many incidents caused smaller losses, while a small group caused much larger damage. As a result, the number of hacks rose while total stolen funds declined.
Infrastructure Weakness Remains a Major Risk
Infrastructure and operational compromises made up about 15% of reported incidents in H1 2026. However, they accounted for about 76% of total stolen value. TRM said this category included weaknesses around key management and signing systems.
H1 2026: more hacks than ever, losses under $1B. That is not good news.
TRM’s H1 2026 numbers: 207 hacks, a record, but only $972M stolen, less than half of H1 2025. Three things are true at once.
1. Incidents up, dollars down. Hacks more than doubled (83 to 207), almost all… https://t.co/GiSqrb8TDf
— Charles Guillemet (@P3b7_) July 2, 2026
The report showed that attackers gained the largest returns from access to operational controls. In these cases, stolen funds often moved through compromised signing processes or exposed infrastructure. This made infrastructure security a central issue for crypto platforms handling large balances.
TRM also noted that artificial intelligence may change attack patterns across the sector. Automated tools can scan code, configurations, and public systems at higher speed.
The report said stronger key security, zero trust systems, and hardware-based controls are becoming more important.
