Losses resulting from attacks in the cryptocurrency ecosystem decreased by 46.8% on an annual basis in the first half of 2026, falling to 1.32 billion dollars. However, blockchain security company CertiK warned that this decline alone does not mean a more secure environment. The company stated that attackers are using more advanced methods and the financial impact per incident is increasing.
The table changed in the first half
According to CertiK data, the largest portion of losses in the first quarter resulted from phishing attacks and the total loss was 508.2 million dollars. In the second quarter, wallet seizure cases came to the fore. Under this heading, losses reached 807.5 million dollars.
CertiK emphasized that the fact that losses seem to have decreased by almost 50% does not support the conclusion that the ecosystem has become significantly safer, and that last year’s period was exceptionally inflated due to the Bybit attack on a historical scale.
The company pointed out that the data for the same period last year was strongly affected by the $1.4 billion Bybit attack. The incident in question was recorded as one of the largest attacks in the history of cryptocurrency. For this reason, it is considered that the annual decline rate alone does not indicate a structural improvement in security.
North Korea-related threats come to the fore
According to an estimate shared by TRM Labs in April, North Korea-linked hacker groups have stolen over $6 billion in crypto assets since 2017. The company is known as an analysis organization working in the field of blockchain intelligence and financial crime investigations.
Following the KelpDAO and Drift Protocol incidents, US, Japanese and South Korean officials met late last month. The talks discussed how to limit North Korea’s malicious cyber activities and its ability to generate illicit revenue.
Mini dictionary: A multi-signature wallet is a wallet structure that requires more than one authorized signature to confirm a transaction. This model aims to reduce the risk in case a single key is compromised.
TRM Labs noted that the decrease in the total amount stolen should not be confused with a safer environment, as the number of incidents increased significantly in the first half of 2026.
The number did not decrease, the number of cases increased
TRM Labs data revealed that the number of attacks increased from 83 to 207 in the first half of 2026. This level was the highest number of incidents recorded by the company for a six-month period. Smart contract vulnerabilities accounted for 60% of the total incidents, with 125 incidents.
| Indicator | Data |
|---|---|
| 2026 first half total loss | $1.32 billion |
| Annual change | 46.8% decrease |
| Loss due to phishing in the first quarter | $508.2 million |
| Loss due to wallet compromise in the second quarter | $807.5 million |
| Number of incidents in the first half of 2026 | 207 |
CertiK argued that, excluding the Bybit incident, the sector has structurally absorbed a higher attack tempo compared to last year. According to the company, attacks are now more targeted and have more severe financial consequences per incident.
The most critical weak link is private key management
CertiK stated that private keys and multi-signature wallet management remain the most critical security surface for attackers. Therefore, he emphasized that protocols and institutions that hold large amounts of on-chain assets must strengthen every layer, from hardware security to multi-signature governance and geographical distribution of signature authorities.
Ledger, one of the hardware wallet manufacturers, has long recommended that recovery phrases be stored offline and not shared under any circumstances as a basic precaution. This approach is seen as the first line of defense, especially against phishing attempts.


