TL;DR:
- Hacken recorded $482 million in losses across 44 incidents during Q1 2026, with phishing as the leading attack vector.
- A $282 million hardware wallet scam in January accounted for more than half of the quarter’s total damage, according to Hacken’s report.
- Six audited projects, including Resolv with 18 audits, accumulated $37.7 million in losses during the analyzed period.
The Web3 ecosystem lost $482 million in hacks and scams during the first quarter of 2026, according to the quarterly report by Hacken, a firm specializing in blockchain security. The period recorded 44 incidents in total, with phishing and social engineering attacks as the dominant category: $306 million in losses were attributed solely to that vector. A single hardware wallet scam in January, valued at $282 million, concentrated more than half of the economic damage suffered during the quarter.
Exploits targeting smart contracts caused additional losses of $86.2 million, while access control failures — compromised keys and vulnerable cloud services — contributed another $71.9 million. Despite the scale, the quarter ranks as the second lowest-loss first quarter since 2023, primarily due to the absence of a catastrophic event comparable to the Bybit hack, which in the same period of 2025 resulted in the theft of $1.46 billion.
Hacken: Failures Happen Outside the Code
Yev Broshevan, CEO and co-founder of Hacken, noted that the costliest losses “occur outside the code layer”, in operational infrastructure that traditional audits rarely cover. The report cites the case of Step Finance, which lost $40 million in a fake venture capital call linked to North Korean operators, and that of Resolv Labs, which lost $25 million after its AWS keys were compromised.
Even where smart contracts failed, the most costly bugs involved legacy code: Truebit lost $26.4 million due to a vulnerability in a Solidity contract deployed five years ago, while Venus Protocol was hit by an attack pattern documented since 2022.
The North Korean Threat
Hacken identifies a simultaneous tightening of regulatory frameworks such as MiCA and DORA in the European Union, new Singapore requirements aligned with Basel standards including mandatory one-hour breach notification, and the expansion of powers by the Capital Markets Authority of the United Arab Emirates over digital assets.
The firm links these frameworks to a new infrastructure standard that includes daily proof-of-reserves, permanent onchain monitoring and automated circuit-breakers in governance functions.
North Korean hacker groups are consolidating as the most persistent operational threat, with a playbook that combined fake VC calls, malicious video call tools and compromised endpoints to extract approximately $2.04 billion from the market during 2025.






