All news is rigorously fact-checked and reviewed by leading blockchain experts and seasoned industry insiders.

Crypto hacks, scams, and exploits caused over $1.3 billion in gross losses during the first half of 2026, with several large incidents dominating the recorded total.

TL;DR

  • Crypto hacks, scams, and exploits caused $1.316 billion in gross losses during the first half of 2026.
  • Kelp DAO, Drift Protocol, and one targeted phishing victim accounted for approximately 65% of that total.
  • The largest incidents compromised RPC infrastructure, administrative permissions, signing systems, or privileged devices rather than public smart contract code.
  • This ranking was prepared on July 17, leaving 167 days, or 45.8% of the year, for new incidents, recoveries, and revised attributions to change the list.

Crypto security losses reached $1.316 billion across 344 incidents during the first half of 2026, according to CertiK’s H1 security report. Approximately $115.3 million was frozen or returned, reducing the adjusted loss to around $1.2 billion.

The apparent improvement from 2025 needs context. The previous year’s first-half total included the exceptional $1.45 billion Bybit breach. Once that single event is excluded, CertiK estimates that comparable losses increased by approximately 28% in 2026.

The distribution of those losses is just as important as the total. The average incident cost approximately $3.82 million, while the median loss was only $138,703. The average was therefore more than 27 times the median, showing that a small number of extreme failures drove the overall result.

Three incidents alone, Kelp DAO, Drift Protocol, and a targeted $284 million phishing theft, accounted for approximately 65% of all reported first-half losses.

A Loss Ranking Needs More Than One Number

Crypto incident reports frequently compare figures that measure different forms of damage.

Gross loss

The value removed from a protocol or victim before recoveries.

Realized extraction

Assets the attacker successfully converted into transferable economic value.

Net loss

The amount still missing after freezes, returns, repayments, and recoveries.

User liabilities

Claims owed by a platform, which may be larger or smaller than the attacker’s original proceeds.

Notional exposure

The theoretical value of fraudulently issued or placed-at-risk assets, even when the attacker could not monetize the full amount.

The ranking below primarily uses reported gross losses. Recoveries, disputed valuations, and differences between attacker proceeds and platform liabilities are stated separately.

For incidents involving unbacked token creation, realized extraction is more meaningful than the face value of the fraudulent supply. Otherwise, an attacker who creates $100 million of an illiquid token but extracts $1 million of real collateral could incorrectly be ranked as having stolen the full $100 million.

The Largest Reported Crypto Losses of 2026

1. Kelp DAO – $292 Million

On April 18, attackers caused Kelp DAO’s Ethereum bridge contract to release approximately 116,500 rsETH without a corresponding token burn on the source chain.

Chainalysis’ investigation found that the attackers compromised two internal RPC nodes used by LayerZero’s Decentralized Verifier Network while simultaneously disrupting an external RPC endpoint through a distributed denial-of-service attack.

The manipulated nodes reported a source-chain burn that had never occurred. Because Kelp’s bridge configuration relied on a single verifier, no second independent network was required to confirm whether the reported burn was real.

The destination contract received a properly formatted and signed message and released the assets exactly as programmed. The failure occurred in the infrastructure supplying information to the contract, not in the contract’s execution of that information.

Kelp paused the affected contracts quickly enough to stop a second attempted withdrawal involving approximately 40,000 rsETH, then worth around $95 million. The Arbitrum Security Council subsequently froze 30,766 ETH linked to the attacker’s downstream activity.

Chainalysis and LayerZero attributed the operation to North Korea’s Lazarus Group, specifically its TraderTraitor subgroup. The attribution was made by parties directly involved in the investigation, although conclusions involving state-sponsored actors may still evolve as additional evidence emerges.

The amount frozen does not erase the original bridge-accounting failure. Gross losses, recoverable funds, attacker proceeds, and any remaining backing shortfall should be treated as separate figures.

2. Drift Protocol – $285 Million

Drift Protocol lost approximately $285 million on April 1 after attackers obtained administrative control of its Security Council.

According to Chainalysis, individuals posing as representatives of a quantitative trading company spent months building relationships with Drift contributors.

Security Council members were eventually persuaded to sign transactions using Solana’s durable-nonce feature, which allows validly signed transactions to be held and executed at a later time.

Those transactions transferred administrative control to an attacker-controlled address. Once that authority was obtained, the attackers removed withdrawal limits, approved a nearly worthless token called CVT as collateral, assigned it an artificial valuation, and deposited 500 million units.

The resulting position was used to withdraw USDC, SOL, ETH, and other assets carrying real external value.

The administrative takeover occurred through two transactions executed one second apart, but the subsequent withdrawals continued over a longer period. Describing the entire $285 million loss as occurring in 10 seconds would therefore be inaccurate.

Chainalysis based part of its reconstruction on Drift’s own investigation and noted that the account had not yet been independently verified through a completed third-party review. Preliminary evidence was consistent with previous North Korean operations, but formal attribution remained pending.

Drift later discussed approximately $295 million in user losses. That higher figure appears to represent platform liabilities rather than the attacker’s initial proceeds and should not be treated as an alternative estimate of the same quantity.

crypto hacker

3. Targeted Phishing Loss Reported by CertiK – $284 Million

A single individual lost approximately $284 million in a targeted social-engineering incident in January, according to CertiK.

The victim’s identity and the complete attack sequence have not been publicly disclosed. That limits the conclusions that can responsibly be drawn about the wallet configuration, the precise social-engineering method, and the prospects for recovery.

The scale is nevertheless significant. One privately controlled wallet produced almost as much financial damage as the Drift Protocol breach and exceeded the combined losses of most smaller protocol exploits recorded during the first half of the year.

CertiK counted $366.3 million in phishing losses across 63 incidents in H1. The number of phishing cases fell by 52.3% compared with the same period in 2025, but losses declined by only 10.8%.

Four incidents accounted for approximately 85% of all phishing losses.

The data suggest a change in target selection rather than the disappearance of phishing. Broad campaigns remain common, but the financial outcome is increasingly determined by a small number of carefully prepared operations directed at people or organizations controlling substantial onchain wealth.

4. Step Finance – Approximately $40 Million

Step Finance said approximately $40 million was drained from its treasury on January 31 after devices used by members of its executive team were compromised.

In its official incident update, the project said it recovered approximately $3.7 million in Remora assets and a further $1 million in other positions.

Earlier onchain estimates placed the loss closer to $27 million because they focused on the approximately 261,854 SOL initially identified leaving treasury wallets. Step’s later figure included a broader group of affected assets.

Using the project’s $40 million gross estimate while separately reporting the recovered amount produces a more complete picture than selecting one figure without explaining why the estimates differ.

The financial consequences of an attack can also extend beyond the amount transferred to the attacker. Emergency financing, legal expenses, user compensation, interrupted operations, and lost revenue can make the eventual business impact larger than the initial onchain withdrawal.

5. Humanity Protocol – $36 Million

Humanity Protocol suffered an attack on June 9 after a compromised device exposed wallet data and private keys associated with privileged project accounts.

In its official explanation, Humanity said the attacker copied private keys from the device and used them to execute the onchain attack.

The project also said the Ethereum H token contract was protected by a separate clean multisig and that its canonical mainnet bridge was not compromised.

Published estimates range from approximately $31 million to $36 million, partly because the stolen H tokens were valued at different market prices and at different stages of the incident.

The more important structural problem was the concentration of multiple privileged credentials on one compromised endpoint.

A multisignature arrangement only provides meaningful protection when its keys are separated across people, devices, locations, and administrative environments. Several credentials stored on or recoverable from the same computer can satisfy an onchain signature threshold while still operating as one practical point of failure.

6. Resolv Protocol – Approximately $26.8 Million

Resolv Protocol was exploited on March 22 after an attacker compromised its cloud infrastructure and gained access to a key controlled through AWS Key Management Service.

Resolv used an offchain service to authorize the creation of USR after users deposited collateral.

According to CertiK’s incident analysis, the attacker made relatively small legitimate USDC deposits and then used the compromised service role to authorize approximately 80 million USR across two transactions.

The contract verified that the authorization came from the approved service. It imposed a minimum output but did not enforce a maximum amount tied to the collateral deposited by the user.

Once the privileged service was compromised, the attacker could produce signatures that were cryptographically valid but economically unsupported.

This does not mean that cloud key-management services are inherently unsuitable for crypto infrastructure. The larger design problem was the amount of unrestricted economic authority granted to one service role.

A protected key can still become a catastrophic failure point when the contract receiving its signatures does not independently enforce collateral ratios, minting ceilings, transaction limits, or withdrawal velocity.

7. Truebit – $26 Million

Truebit was exploited on January 8 through an integer-overflow vulnerability in a bonding-curve contract deployed in 2021.

The contract had been compiled with Solidity 0.5.3, before automatic overflow protection was introduced in Solidity 0.8.0.

An attacker supplied an exceptionally large value that caused an arithmetic calculation to wrap around to a number close to zero. This allowed large quantities of TRU to be minted for almost no ETH and then redeemed for real ETH held by the contract.

Chainalysis estimated the primary loss at $26.2 million. CertiK placedthe combined amount closer to $26.6 million, including approximately $224,000 extracted by a second attacker.

The vulnerable implementation had not been publicly verified on Etherscan. That did not prevent attackers from examining it.

Contract bytecode can be decompiled, old compiler behavior can be identified, and suspected vulnerabilities can be tested through simulations or blockchain forks.

Truebit is the clearest major exception to the broader pattern seen in 2026. Its loss came from public execution logic rather than compromised operational authority.

It also shows why dormant contracts must remain within audit, monitoring, and bug-bounty scopes for as long as they retain funds or permissions.

Why Echo Protocol Does Not Rank as a $76.7 Million Theft

Echo Protocol is sometimes described as suffering a $76.7 million loss because an attacker used a compromised administrator key to mint 1,000 unbacked eBTC carrying that notional value.

The attacker did not extract $76.7 million in real assets.

According to Merkle Science, 45 of the fraudulent eBTC were deposited into the Curvance lending protocol.

The attacker borrowed approximately 11.29 WBTC, worth around $867,000, before the remaining 955 unbacked eBTC were burned.

The accurate figures are therefore:

  • Fraudulent issuance: Approximately $76.7 million in notional eBTC.
  • Real assets extracted: Approximately $867,000 in WBTC.
  • Remaining unbacked supply: Burned after the incident.

Classifying the full notional amount as stolen would exaggerate the realized damage by almost 90 times.

Echo still exposes an important collateral-risk problem. Curvance’s oracle correctly recognized the market value assigned to eBTC, but it could not determine that those particular tokens had been created without backing.

Price integrity is not the same as issuance integrity.

Lending protocols accepting externally issued collateral need controls for abnormal supply creation, changes in minting authority, sudden collateral deposits, backing verification, and issuer-level administrative risk. A correct price feed cannot answer those questions by itself.

The Common Failure Was the Control Plane

The largest 2026 incidents did not share one code vulnerability. They shared weaknesses in the systems responsible for deciding what the code was allowed to do.

In traditional infrastructure terminology, the execution layer processes ordinary activity, while the control plane determines permissions, configurations, trusted data sources, and exceptional actions.

That distinction maps closely onto the largest incidents:

Kelp: A verifier accepted a fabricated version of source-chain activity.

Drift: Valid signatures transferred administrative control.

Step: Compromised executive devices exposed treasury authority.

Humanity: A compromised endpoint exposed privileged keys.

Resolv: A compromised service role created valid but economically unsupported authorizations.

Echo: One administrator key could grant uncapped minting authority.

Truebit: The exception was an arithmetic flaw in legacy contract code.

CertiK recorded 204 code-vulnerability incidents during the first half of the year, producing approximately $151.6 million in losses. Wallet compromises caused $444.5 million across only 33 incidents.

That works out to an average of approximately $743,000 per code-vulnerability incident and $13.5 million per wallet-compromise incident.

On average, a wallet compromise was roughly 18 times more expensive.

The comparison does not make smart contract audits less important. It shows that auditing the contract while excluding its signers, RPC dependencies, administrative interfaces, cloud roles, and emergency controls leaves a substantial part of the financial system untested.

Five Controls That Address the Actual Failures

Enforce Economic Limits After Authentication

A valid signature should prove who approved an action. It should not grant unlimited economic authority.

Minting, bridging, collateral approval, and withdrawals can still be restricted through maximum transaction sizes, rolling limits, collateral ratios, time delays, asset-specific caps, and automatic pauses.

These controls may not prevent a credential compromise, but they can stop one compromised key from immediately creating an unlimited liability.

Measure Independence, Not the Number of Keys

A 3-of-5 multisig is not meaningfully distributed when three keys can be recovered from one laptop or controlled through the same corporate account.

NIST’s key-management guidance emphasizes lifecycle controls including authorization, backup, accountability, separation of duties, compromise response, and protection of keying material.

Protocols should identify whether supposedly independent signers share devices, password managers, cloud tenants, recovery procedures, physical locations, or reporting lines.

Monitor Relationships, Not Only Transactions

Every individual transaction in the Kelp exploit appeared valid. The detectable failure was the missing relationship between the two chains: rsETH was released on Ethereum without being burned on the source chain.

Bridge monitoring should continuously reconcile locks, burns, mints, and releases across every relevant network.

Similar invariant checks can compare collateral deposited against tokens minted, reserves against circulating supply, and approved withdrawal limits against actual outflows.

Simulate Administrative Intent Before Signing

Hardware wallets protect private keys, but they cannot determine whether a legitimate user is approving a malicious transaction.

Administrative transactions should be decoded and simulated in a separate environment before execution.

Signers need to see the resulting permission changes, newly approved collateral assets, pricing parameters, withdrawal limits, contract upgrades, and ownership transfers, not only a transaction hash or an opaque wallet prompt.

Keep Legacy Contracts Inside the Security Perimeter

A contract does not become safer because it has operated without incident for several years.

Any deployment that holds assets, processes redemptions, controls protocol permissions, or remains connected to current products should have verified source code, documented compiler assumptions, active monitoring, and inclusion in audit and bug-bounty programs.

AI-assisted decompilation may reduce the time attackers need to identify old arithmetic, access-control, or validation flaws. Security through obscurity becomes less effective as those tools improve.

AI Is Amplifying Existing Fraud Models

AI did not create the core vulnerabilities behind Kelp, Drift, Resolv, or Echo. Its more immediate effect is to reduce the cost of target research, impersonation, localization, and sustained communication.

Chainalysis’ 2026 Crypto Crime Report, which analyzes 2025 activity, found that scam operations with identifiable links to AI-service providers were approximately 4.5 times more profitable than scams without those links.

That evidence should not be presented as proof that every sophisticated attack in 2026 used AI. It shows that AI-assisted operations were already producing higher returns and could make several established techniques easier to scale:

Synthetic Identity

Deepfake video and voice impersonation.

Advanced Reconnaissance

Target research across social and professional networks.

Multilingual Social Engineering

Long-running conversations in multiple languages.

Adaptive Phishing

Cloned interfaces and personalized phishing pages.

Automated Vulnerability Research

Automated analysis of contracts and decompiled bytecode.

The likely development is a combination of social and technical methods. Social engineering obtains the credential or authorization; existing protocol permissions convert that access into a financial loss.

Regulation Changes Accountability, Not Exploit Mechanics

The European Union’s MiCA transitional period ended on July 1, 2026. Covered crypto-asset service providers generally now require authorization to continue operating in the EU, subject to the regulation’s scope and national supervisory decisions.

MiCA can strengthen governance, custody, operational controls, and accountability. It cannot determine whether a bridge uses independent verifiers, whether privileged keys are properly separated, or whether an authorized signer understands a malicious transaction.

The US GENIUS Act was signed into law on July 18, 2025 and establishes a federal framework for payment stablecoins.

It is not a general cybersecurity regime for every bridge, exchange, wallet, or DeFi protocol.

Regulation determines who is responsible and which safeguards should exist. Security engineering determines whether a forged message, compromised key, or malicious approval can execute before those safeguards respond.

What to Watch Through the Rest of 2026

The final 2026 security picture should be judged through more than the cumulative headline loss.

Security Intelligence: Key Indicators

Loss concentration

Whether a few extreme incidents continue to dominate the annual total.

Attack surface

Whether wallet, administrative, cloud, and infrastructure compromises remain more costly than code exploits.

Recovery-adjusted damage

How much remains missing after freezes, repayments, and negotiated returns.

Attribution quality

Whether preliminary links to state-sponsored groups are supported by completed investigations.

Control adoption

Whether protocols introduce independent verification, transaction simulation, key separation, and enforceable economic limits before the next major attack.

This ranking is a snapshot prepared on July 17, not a final record for the year. Nearly 46% of 2026 remains, and historical loss figures may continue to change through asset recoveries, token-price revisions, newly identified wallets, and clearer distinctions between notional exposure and realized theft.

The evidence supports a narrower conclusion: the highest-value incidents increasingly targeted the control systems surrounding smart contracts, signers, devices, RPC infrastructure, privileged services, and verification networks, rather than contract logic alone.


This article is for educational purposes only. Incident valuations may change because of asset-price movements, recoveries, revised attribution, and differences between gross exposure, realized extraction, and net losses.

Source

LEAVE A REPLY

Please enter your comment!
Please enter your name here