Crypto losses fell 46.8% year-on-year to $1.32 billion within the first half of 2026, however crypto safety agency CertiK says the drop is deceptive, warning that attackers have gotten extra refined and harmful.
Phishing drove the majority of losses within the first quarter, totaling $508.2 million. Pockets compromises had been the most important assault vector within the second quarter, contributing to $807.5 million in losses, CertiK mentioned in a report.
Greater than 70% of the losses in Q2 got here from the KelpDAO and Drift Protocol hacks, that are believed to have been carried out by North Korean state-sponsored hackers.
“A headline studying of ‘losses down practically 50%’ would counsel a meaningfully safer ecosystem. The info doesn’t help that conclusion,” CertiK informed Cointelegraph, explaining that the losses within the prior yr interval had been skewed by the $1.4 billion Bybit hack — the most important crypto exploit in historical past.
The info exhibits that North Korean hackers proceed to pose one of many largest threats to the crypto trade, having stolen greater than $6 billion price of crypto since 2017, TRM Labs estimated in April.
Month-to-month change in crypto exploit quantities and variety of incidents throughout H1. Supply: CertiK
North Korean state actors blamed for crypto assaults
The KelpDAO and Drift Protocol incidents even sparked a gathering between US, Japanese and South Korean authorities late final month over how the nations can mitigate North Korea’s malicious cyber exercise and illicit income era.
The state officers additionally acknowledged that North Korean IT staff are more and more utilizing AI to boost their schemes — a growth that some cybersecurity leaders imagine has considerably elevated the size, pace and class of protocol exploits.
CertiK cautioned that the “trade is absorbing a structurally increased charge of assault exercise” than final yr and that — excluding the Bybit incident — assaults have gotten “focused and extra financially harmful per occasion.”
TRM Labs reached an analogous conclusion in its H1 2026 report on Wednesday, stating that the “decline in complete {dollars} stolen shouldn’t be mistaken for a safer atmosphere.”
“The decrease complete displays the absence of one other document setting theft, not a discount in attacker functionality.”
TRM’s evaluation discovered that the variety of incidents greater than doubled from 83 to 207 in H1, the very best quantity TRM has recorded throughout a six-month interval.
Good contract exploits accounted for 125 or 60% of the incidents in H1, TRM added.
Defending personal keys
CertiK mentioned personal keys and multisignature pockets administration stay the “most consequential safety floor” for attackers to use.
Associated: Crypto hack losses high $630M in April, highest since February 2025
CertiK urged crypto protocols and establishments holding important onchain property to harden each layer of personal key administration — from {hardware} safety and multisignature governance to even geographically spreading out the place signers are primarily based.
That is an “space the place safety funding yields uneven returns,” CertiK mentioned.
Crypto {hardware} pockets suppliers like Ledger have additionally lengthy warned customers to retailer seed phrases offline and by no means share them as a primary safeguard in opposition to phishing.
Journal: The tip of anonymity? AI may unmask crypto’s hidden identities

