Key Highlights
- Web3 recorded $1.31 billion in losses across 344 security incidents during H1 2026.
- CertiK said headline losses appear lower largely because H1 2025 included the record-breaking Bybit hack.
- Wallet compromises overtook smart contract exploits as the biggest source of financial losses.
The Web3 industry lost more than $1.31 billion across 344 hacks, scams, and exploits during the first six months of 2026, according to blockchain security firm CertiK.
In a report shared on Monday, the firm stated that the figure marks a 46.8% decline from the $2.47 billion stolen during the same period last year.
CertiK said the comparison requires context because H1 2025 included the $1.45 billion Bybit exploit, the largest crypto hack on record. Without the Bybit incident, losses during the first half of 2025 would have totaled roughly $1.03 billion, making H1 2026 approximately 28% higher on a comparable basis.
“The underlying security environment has not improved; in several meaningful respects, it has deteriorated,” the report said.
Wallet hacks take the lead
Unlike previous years, wallet compromises were the largest source of financial losses during H1 2026. According to CertiK, attackers stole $444.5 million through 33 wallet compromise incidents, making it the most expensive attack vector despite accounting for relatively few cases.
Phishing ranked second, resulting in $366.3 million in losses across 63 incidents. Although phishing attacks fell sharply from 132 incidents a year ago, the total amount stolen declined by only around 11%, suggesting attackers increasingly targeted fewer but higher-value victims.
Code vulnerabilities remained the most common security issue, accounting for 204 incidents and approximately $151.6 million in losses.
Ethereum remains the biggest target
Ethereum remained the most targeted blockchain during the first half of the year, recording 153 security incidents with losses totaling about $522.8 million. Solana experienced only seven incidents, but they resulted in more than $315 million in losses, largely because of the Drift Protocol exploit.
Binance Smart Chain recorded more than 100 incidents, though the average losses were considerably smaller than those seen on Ethereum and Solana.
CertiK said attackers are increasingly shifting their focus to older smart contracts rather than exclusively targeting newly launched protocols. According to the report, improved automated attack tools are enabling hackers to revisit legacy codebases, underscoring the need for continuous security reviews instead of relying solely on pre-launch audits.
Two exploits dominated H1 losses
The report found that two attacks accounted for nearly 44% of all losses recorded during the first half of the year.
The largest was the Kelp DAO exploit, where attackers stole approximately $292 million after compromising the protocol’s RPC infrastructure. It was followed by the $285.3 million Drift Protocol exploit, which stemmed from a wallet compromise. Other notable incidents included Humanity Protocol, Step Finance, Resolv, Truebit, and Rhea Finance.
Recovery efforts offset losses as threats evolve
The firm also reported that approximately $115.3 million in stolen assets were frozen or recovered during the first half of 2026, reducing adjusted losses to about $1.20 billion. However, a significant portion of stolen funds remains inactive, leaving open the possibility of further recoveries.
Despite the lower adjusted losses, CertiK said the threat landscape is evolving rather than improving. Wallet compromises, phishing campaigns, and operational security failures accounted for a growing share of incidents, while a small number of large-scale exploits continued to drive overall losses.
The report concludes that attackers are increasingly targeting critical infrastructure and high-value assets, reflecting a shift in tactics even as the total number of incidents remains relatively unchanged.
Also read: EMURGO Winds Down SecondFi for Good as Cardano Hack Recovery Drags On
