Crypto security incidents hit record 158 in H1 2026 as losses fall to about $929M

AI Market Summary
H1 2026 logged a record 158 disclosed crypto security incidents, but total losses fell to ~$929M vs $2.3B in H1 2025, implying more frequent but smaller attacks with theft concentrated in a few events (e.g., Drift’s ~$295M). North Korea-linked groups accounted for ~66% of stolen funds, highlighting persistent state-backed risk. Ethereum remained the most targeted chain, reinforcing DeFi security overhang.
Impact level
● Medium
Affected assets
ETH/USDT+1.97%
AI Insight · ETH/USDTAI Insight
▼ Bearish
Trade now
⚠️ AI-generated insights are based on news content and are provided for informational purposes only. They do not constitute investment advice or represent the views of BingX. Investing involves risk. Please trade responsibly.
CoinDesk reports that aggregated figures from blockchain security firm SlowMist show 158 publicly disclosed crypto security incidents in the first half of 2026, a record for the period. Total losses were about $929 million, well below the $2.3 billion stolen in H1 2025, pointing to more frequent attacks but smaller losses per incident. Researchers say hackers appear to be shifting toward a higher volume of medium-to-small attacks, while a handful of major cases still account for most of the stolen funds. The largest single incident was at Drift Protocol, where roughly $295 million was taken, the biggest crypto attack recorded in the first half of the year. The report estimates North Korea-linked groups stole about $643 million, around 66% of total losses, underscoring a gap between typical attackers and organized, state-backed actors with the capability to execute larger-scale heists. Key figures for H1 2026: - Publicly disclosed incidents: 158 - Total losses: about $929 million - Share attributed to North Korea-linked groups: about 66% Ethereum remained the most targeted network, with 56 incidents, followed by BNB Chain, Base, and Arbitrum. SlowMist attributes Ethereum's exposure to its dominance in DeFi and the large volume of assets locked on-chain. By month, May recorded the most incidents at 41, with June and April at 36 and 34. Losses were most severe in April, when about $631 million was stolen in a single month, nearly 68% of first-half losses. Smart contract flaws were the most common entry point, but the biggest dollar losses came from compromised private keys and administrator credentials, representing about 40% of total losses. Incidents cited include Drift Protocol, Humanity Protocol, Resolv, Wasabi Protocol, Gravity Bridge, Fluid, StablR, and Polymarket. The report also flags oracle manipulation as a persistent DeFi risk. Cases including Blend Pools V2, Aave V3, Sharwa Finance, Edel, and Ploutos Money show how corrupted price feeds can be used to move funds and drain liquidity, even in projects that have undergone security audits. AI-driven crypto scams are rising as well. Citing Chainalysis's 2026 Crypto Crime Report, SlowMist says these schemes are about 4.5 times more profitable than traditional fraud, with attackers using AI-generated video and voice to bypass exchange checks, mislead customer support, or impersonate executives to trigger large transfers. Fund recovery remains limited. Among larger-scale attacks in H1 2026, only one project fully recovered stolen assets, while two others together froze more than $74 million. More than $620 million is considered largely unrecoverable. Over the long term, the report counts 2,172 publicly disclosed blockchain security incidents since Bitcoin's inception, with cumulative losses exceeding $37.88 billion. It adds that the attack surface has broadened beyond early smart contract exploits to include private keys, cross-chain bridges, centralized exchanges, wallets, governance systems, and third-party infrastructure.