Skip to main content

Crypto Hacks Drop 47% in H1, but Smart-Contract Risks Persist: CertiK



Crypto losses from hacks and scams dropped in the first half of 2026, according to new figures cited by CertiK. In the period, overall losses fell 46.8% year-on-year to $1.32 billion—yet the security firm argues the headline decline is deceptive, pointing to a shift toward more targeted and destructive attacks.



CertiK’s report breaks the half-year down by quarter: phishing drove $508.2 million in losses in Q1, while wallet compromises became the dominant threat in Q2 with $807.5 million attributed to that attack vector. The firm also highlighted that more than 70% of Q2 losses came from two major incidents—KelpDAO and Drift Protocol—events tied to North Korean state-sponsored hacking activity.



Key takeaways



  • First-half 2026 crypto losses fell 46.8% year-on-year to $1.32 billion, but CertiK says the reduction does not indicate a safer ecosystem.

  • Attack dynamics shifted: phishing dominated Q1 ($508.2M), while wallet compromises were the largest driver in Q2 ($807.5M).

  • Over 70% of Q2 losses were linked to the KelpDAO and Drift Protocol hacks, which are believed to involve North Korean state-sponsored actors.

  • CertiK warns attackers are becoming more “targeted and more financially destructive per event,” even if total dollars stolen appear lower.

  • TRM Labs reported a sharp rise in the number of incidents in H1 2026 (83 to 207), reinforcing that volume—not just dollar totals—matters.



Why “losses down” may be the wrong signal


At first glance, the year-on-year decline looks encouraging. CertiK, however, cautions against interpreting the data as evidence that security has improved. The firm told Cointelegraph that a “headline reading” of losses down nearly 50% could mislead readers because the prior-year comparison was distorted by an exceptionally large theft.



CertiK specifically referenced the $1.4 billion Bybit hack as the type of outlier that can skew year-over-year comparisons. In the same reporting, CertiK noted that such comparisons can mask underlying changes in attacker behavior—particularly as threat actors adapt tactics and select targets more precisely.



This is where the firm’s analysis becomes investor- and operator-relevant: if the ecosystem is seeing fewer total dollars stolen but more attacks that are more damaging per incident, then risk is not actually decreasing. Traders may feel this first as volatility tied to exploit headlines, but the deeper impact lands on protocols, custodians, and institutions that must continually adjust defensive controls.



Phishing vs. wallet compromise: Q1 and Q2 split


CertiK’s quarterly breakdown shows how different attack categories shaped the first half of the year. In Q1, phishing was responsible for the bulk of losses, totaling $508.2 million. By Q2, the picture changed significantly: wallet compromises contributed $807.5 million, making that category the largest single driver of losses during the quarter.



For market participants and builders, that shift matters because it points to different failure modes. Phishing typically targets human behavior—seed phrases, approvals, and credentials—while wallet compromise often reflects deeper weaknesses around key custody, multisignature operations, signing procedures, and operational security. The change in the dominant vector suggests defenders cannot rely on improvements in one area alone; they have to treat the security stack as layered.



North Korean hacking remains central, and volume may be rising


CertiK’s report places disproportionate emphasis on state-linked activity during Q2. More than 70% of the losses in the quarter came from the KelpDAO and Drift Protocol hacks. Cointelegraph previously reported on both incidents, including coverage of KelpDAO being exploited and the Drift Protocol hack raising questions about the protocol’s response.



Beyond the immediate losses, the incidents also intersect with government-level discussion. The attacks reportedly even prompted a late-month meeting between US, Japanese and South Korean authorities focused on mitigating North Korea’s cyber activity and illicit revenue generation. Officials also acknowledged that North Korean IT workers are increasingly using AI to improve their schemes—an issue cybersecurity leaders believe can increase the scale, speed, and sophistication of protocol exploitation.



CertiK’s broader warning aligns with another dataset. TRM Labs, in its H1 2026 reporting, argued that declining total dollars stolen should not be mistaken for a safer environment. In TRM’s analysis, the number of incidents more than doubled from 83 to 207 in the first half of 2026, the highest number TRM has recorded across a six-month period. TRM also found that smart contract exploits accounted for 125 incidents—about 60% of all events—in H1.



That juxtaposition is important: even if fewer dollars are being stolen than in a year with record outliers, the ecosystem can still be exposed to a higher frequency of attacks. More incidents mean more operational disruptions, more incident response overhead, and more opportunities for failures—especially in fast-moving DeFi environments.



Private key management: the “most consequential” security surface


CertiK singled out private key handling as the area most likely to determine outcomes for attackers. According to the firm, private keys and multisignature wallet management remain the “most consequential security surface” for exploitation—particularly because weaknesses there can enable large transfers even when other controls appear in place.



To address this, CertiK urged protocols and institutions holding significant onchain assets to harden every layer of private key management. The recommendations span hardware security, multisignature governance, and even the geographic distribution of signers. The core argument is that defenses should be designed to reduce the chance that a single point of compromise results in irreversible loss.



CertiK also framed security investment as asymmetric: it said this is an area where spending on the right controls can produce unusually large risk reduction relative to the cost. That theme echoes long-standing guidance from hardware wallet providers. For example, Ledger has previously warned users to keep seed phrases offline and never share them, emphasizing that basic operational discipline remains one of the most effective barriers to phishing-driven theft.



While these recommendations may sound familiar, the data behind them—especially Q2’s wallet compromise losses—underscores that key management is not a “set it and forget it” task. Attackers often shift tactics toward whatever control surface shows the most leverage, and wallet compromise outcomes suggest that leverage is still available to criminals and state-linked groups.



Looking ahead, the key question is whether the first-half pattern persists: phishing-heavy losses in the first quarter followed by wallet compromises and concentrated state-linked incidents in the next. Readers should watch not only aggregate loss totals, but also incident frequency, which TRM’s reporting suggests is rising—an indicator that the threat environment may be intensifying even when dollar figures temporarily fall.



https://www.cryptobreaking.com/crypto-hacks-drop-47-in/?utm_source=blogger%20&utm_medium=social_auto&utm_campaign=Crypto%20Hacks%20Drop%2047%%20in%20H1,%20but%20Smart-Contract%20Risks%20Persist:%20CertiK%20

Comments

Popular posts from this blog

Mastercard Launches AI Agent Pay System With Ripple and Solana Help

Mastercard has launched Agent Pay for Machines, a payments system built for autonomous software agents. The service allows AI agents to send and receive payments without direct human action. It brings Ripple, Coinbase, and Solana Foundation into Mastercard’s push for automated digital commerce. Ripple Brings XRPL and RLUSD to Mastercard’s Agent Pay System Mastercard introduced Agent Pay for Machines on June 10 as a tool for machine-led payments. The system targets high-volume and low-value transactions across business and consumer use cases. It also supports automated settlement between software agents and connected machines. Ripple will support the system through the XRP Ledger and its RLUSD stablecoin. The company said that settlement will become more important as automated commerce grows. It also sees blockchain rails as useful for fast and rule-based payments. RippleX senior vice president Markus Infanger said XRPL and RLUSD support enterprise-grade agent payments. He said the tool...

Coinbase's x402 launches AI agents app store for payments

Coinbase-backed x402 has unveiled Agentic.market, a dedicated marketplace aimed at increasing the usefulness of AI agents by aggregating thousands of apps and services that agents can access without any API keys. The rollout positions the platform as a central hub for agents to discover, evaluate, and deploy capabilities across a standardized payments layer. Coinbase product lead Nick Prince described Agentic.market in a video posted on X as a storefront for discovering, comparing, and using x402 services. The marketplace is designed to give both humans and their AI agents access to a wide range of tools—from data feeds to consumer apps—without the friction of managing API credentials. A storefront for discovering, comparing, and using x402 services. Thousands of services. Zero API keys. Powered by x402. Prince added that the market offers a web interface for humans to browse and assess services, alongside a programming layer that lets AI agents autonomously search, filter, and integra...

Top Cryptocurrencies to Watch: BTC, ETH, BNB, XRP, Solana, Dogecoin & More

Market Analysis and Price Predictions for Key Cryptocurrencies Recent market dynamics reveal a cautious sentiment across the cryptocurrency landscape, with Bitcoin struggling to maintain levels above $90,000 and many major altcoins facing downward pressure. Indicators point toward reduced participation from both institutional and retail investors, raising concerns about a potential consolidation phase after notable gains earlier in the year. Bitcoin has fallen below $87,000, reflecting waning demand at higher price points. Institutional fund flows into BTC and ETH ETFs have turned negative, indicating a period of subdued market activity. Active addresses and Binance deposit/withdrawal activities are at annual lows, suggesting market indecision. Most leading altcoins are approaching support levels, with some poised for potential breakdowns. Tickers mentioned: Bitcoin, Ethereum, Binance Coin, XRP, Solana, Dogecoin, Cardano, Bitcoin Cash, Chainlink, Hyperliquid Sentiment: Neutral to Sli...