In the first half of 2026, the number of attacks against the cryptocurrency ecosystem reached a record level. According to TRM Labs data, there were 207 separate incidents in the six-month period between January and June and the total loss was 972 million dollars. While the number of cases increased significantly, the total loss decreased compared to the same period last year.
The number of cases increased, total damage decreased
TRM Labs recorded 83 events in the first half of 2025. In the same period this year, the number reached 207. Thus, the number of incidents more than doubled in one year. The company stated that the increase was not caused by a single major attack, but occurred with more frequent but relatively small-scale exploits spread throughout the year. In the second quarter alone, 123 incidents were recorded.
TRM Labs is known as a research company working in the field of blockchain analysis and financial crime tracking.
TRM Labs announced that there were 207 cryptocurrency attacks in the first half of 2026, the highest level ever in six-month periods, while the total loss remained at $ 972 million, well below the $ 2.3 billion in the first half of 2025.
The most common type of attack was smart contract vulnerabilities. 125 of the total 207 incidents were in this category. These attacks mainly targeted decentralized finance applications, decentralized exchanges and token projects. TRM Labs noted that attackers more often resort to combining multiple code interventions within the same incident rather than a single method.
Mini dictionary: Smart contracts are pieces of code that run automatically when certain conditions are met on the blockchain. Logical errors in these structures or weaknesses in authorization controls may lead attackers to withdraw funds.
| Indicator | 2025 first half | 2026 first half |
|---|---|---|
| Total incident | 83 | 207 |
| Total loss | $2.3 billion | $972 million |
| median damage | Not specified | $219 thousand |
North Korea-related attacks came to the fore
Approximately $643 million of the total stolen amount was associated with North Korea-related activities. This figure accounted for approximately 66 percent of the total losses recorded during the period. Most of the losses were collected in two attacks in April.
These incidents targeted Drift Protocol and KelpDAO. According to TRM Labs data, approximately 285 million dollars were lost in the Drift Protocol attack and approximately 292 million dollars in the KelpDAO incident. The total damage from the two attacks reached 577 million dollars.
North Korea-related activities accounted for approximately $643 million in losses, approaching two-thirds of the total losses; A significant part of this table resulted from two major attacks against Drift Protocol and KelpDAO in April.
A small number of infrastructure breaches accounted for most of the damage
Infrastructure and operations-related breaches accounted for only about 15 percent of total incidents. Despite this, approximately 76 percent of the total loss came from this group. TRM Labs stated that such attacks target signature systems, access information and asset control infrastructure rather than on-chain code vulnerabilities.
In contrast, although smart contract exploits dominated the number of incidents, they constituted a more limited portion of the stolen funds. The report also included information that an incident called a wrench attack, which was carried out with physical force, caused a loss of approximately 24 million dollars.
TRM Labs noted that organizations should strengthen their key management systems and transfer approval processes while maintaining smart contract audits. According to the company, although small-scale vulnerabilities are more common, major infrastructure breaches continue to be the main factor determining the total annual loss.


