Despite 47% Drop in H1 Crypto Hacks, Industry Faces Greater Risks: CertiK Warning

Despite 47% Drop in H1 Crypto Hacks, Industry Faces Greater Risks: CertiK Warning

According to Web3 security company CertiK, cryptocurrency exploits decreased 47% compared to the same period last year, reaching $1.32 billion in the first half of 2026, though the firm cautions that individual attacks are proving more "financially destructive" than in previous periods.

During the first six months of 2026, cryptocurrency-related losses declined by 46.8% on a year-over-year basis, totaling $1.32 billion, yet blockchain security company CertiK maintains the reduction in figures presents a deceptive picture, issuing a warning that malicious actors are evolving with greater sophistication and causing more devastating damage.

During the first quarter, phishing attacks accounted for the majority of financial losses, reaching a total of $508.2 million. The second quarter saw wallet compromises emerge as the primary attack method, resulting in $807.5 million in stolen funds, according to findings published in CertiK's report.

"A headline reading of 'losses down nearly 50%' would suggest a meaningfully safer ecosystem. The data does not support that conclusion," CertiK told Cointelegraph, explaining that the losses in the prior year period were skewed by the $1.4 billion Bybit hack — the largest crypto exploit in history.

The data shows that North Korean hackers continue to pose one of the biggest threats to the crypto industry, having stolen more than $6 billion worth of crypto since 2017, TRM Labs estimated in April.

Monthly change in crypto exploit amounts and number of incidents
Monthly fluctuations in cryptocurrency exploit values and incident frequency throughout the first half of the year. Source: CertiK

North Korean state actors blamed for crypto attacks

Security breaches affecting KelpDAO and Drift Protocol ultimately triggered a high-level conference between authorities from the United States, Japan and South Korea in late last month, focused on developing collaborative strategies to counter North Korea's harmful cyber operations and illegal revenue-generating activities.

During the meeting, government representatives also recognized that North Korean information technology workers are progressively leveraging artificial intelligence technologies to amplify their fraudulent operations — a trend that certain cybersecurity experts consider to have dramatically amplified the magnitude, velocity and complexity of protocol exploitation attempts.

CertiK cautioned that the "industry is absorbing a structurally higher rate of attack activity" than last year and that — excluding the Bybit incident — attacks are becoming "targeted and more financially destructive per event."

TRM Labs reached a similar conclusion in its H1 2026 report on Wednesday, stating that the "decline in total dollars stolen should not be mistaken for a safer environment."

"The lower total reflects the absence of another record setting theft, not a reduction in attacker capability."

According to TRM's analytical findings, the quantity of security incidents more than doubled, jumping from 83 to 207 during the first half of the year, representing the highest incident count TRM has documented within any six-month timeframe.

Exploitations targeting smart contracts represented 125 incidents or 60% of all security breaches recorded in H1, TRM added.

Protecting private keys

According to CertiK, private key security and multisignature wallet administration continue to represent the "most consequential security surface" that malicious actors seek to compromise.

CertiK strongly advised cryptocurrency protocols and institutions that maintain substantial onchain asset holdings to strengthen every aspect of private key protection — ranging from hardware security measures and multisignature governance protocols to implementing geographic distribution strategies for where individual signers are physically located.

This is an "area where security investment yields asymmetric returns," CertiK said.

Hardware wallet manufacturers for cryptocurrency such as Ledger have similarly maintained long-standing recommendations for users to keep seed phrases in offline storage and never disclose them to anyone as a fundamental protective measure against phishing attempts.