Crypto Hacks Fell 47% in H1, Yet CertiK Says the Ecosystem Remains Deeply Unsafe

Crypto Hacks Fell 47% in H1, Yet CertiK Says the Ecosystem Remains Deeply Unsafe
Table of Contents

TL;DR:

  • Crypto hacks in the first half of 2026 fell 46.8% year-over-year, but the number of incidents doubled, from 83 to 207.
  • KelpDAO and Drift Protocol accounted for more than 70% of Q2 losses, both incidents attributed to North Korean state-sponsored hackers.
  • CertiK and TRM Labs warn the ecosystem is not safer: hackers are becoming more targeted and destructive.

Hacks in the crypto industry fell nearly in half in terms of total losses during the first half of 2026, but security firms warn that figure conceals a more concerning reality. According to a report published by CertiK, losses dropped 46.8% year-over-year to $1.32 billion, a reduction the company itself describes as misleading.

The comparison with the previous period is distorted by the Bybit hack in 2025, the largest exploit in crypto history, which alone caused the loss of $1.4 billion. “A surface-level reading of ‘losses down nearly 50%’ would suggest a significantly safer ecosystem. The data does not support that conclusion,” CertiK noted.

CertiK: The Enemy Has a Name and Address

Phishing dominated the first quarter: $508.2 million in losses, while in the second quarter wallet attacks became the primary vector, causing losses of $807.5 million, an increase of 59% compared to the previous quarter. More than 70% of those losses corresponded to the hacks of KelpDAO and Drift Protocol, attributed to North Korean groups sponsored by the state.

Hackers exploit certik trm labs

North Korean Hackers Stole More Than $6 Billion

The scale of the North Korean threat has become more than alarming: according to estimates from TRM Labs published in April, these hackers have stolen more than $6 billion in crypto assets since 2017. The KelpDAO and Drift incidents even prompted a meeting between authorities from the United States, Japan and South Korea to coordinate responses against Pyongyang’s malicious cyber activity. That meeting also acknowledged that North Korean IT workers are using artificial intelligence to scale up the scope and sophistication of their operations.

Lazarus group

Private Keys Are the First Line of Defense

TRM Labs, in its own first-half report, reached similar conclusions. The number of incidents doubled, from 83 to 207, the highest figure the firm has documented in a six-month period. Smart contract exploits accounted for 125 of those cases, equivalent to 60% of the total.

Given that scenario, CertiK identified private key management and multisignature wallets as the most critical attack surface. The firm recommended reinforcing every layer of key custody, from hardware security to the geographic distribution of signers. Ledger, for its part, has for years reiterated the basic recommendation of keeping seed phrases offline and never sharing them under any circumstances.

RELATED POSTS

Ads

Follow us on Social Networks

Crypto Tutorials

Crypto Reviews