The first six months of 2026 broke every record for crypto hack frequency, even as total dollar losses fell to a fraction of what they were a year earlier. There were more attacks than in any six months in crypto history, yet fewer of them managed to cause mega-losses. When mega-losses did occur, they came almost entirely from operational and human failures rather than smart contract bugs.
This ranking cross-verifies the numbers, attack methods, on-chain fund flows, and recovery status of each incident against official reports from TRM Labs, DeFiLlama, CertiK, Chainalysis, Elliptic, Halborn, Arkham Intelligence, LayerZero, THORChain, and Metrika, along with each affected protocol’s own public disclosures.
The H1 2026 crypto hack landscape
Before ranking the individual incidents, the aggregate picture explains why so many of the biggest crypto hacks looked structurally similar.

Record Incidents, Modest Dollar Totals
Blockchain intelligence firm TRM Labs recorded approximately $972 million stolen across 207 incidents, versus 83 incidents and $2.3 billion in the same period a year earlier. DeFiLlama’s public hacks database tracks a smaller amount-bearing subset totaling $780.3 million in Q2 alone, with April driving $644.8 million of that.

Q2 by itself set a new quarterly record with 123 incidents. The median hack cost approximately $219,000, while the average sat at $4.7 million: a 20-times gap that shows how a handful of catastrophic incidents pulled the average sharply upward even as most attacks stayed comparatively small.
Where the Money Actually Went
Smart contract exploits made up 125 of the 207 incidents, roughly 60% of the count, yet accounted for only a small share of dollars lost. According to TRM Labs, infrastructure and operational compromises made up only about 15% of incidents but drove approximately 76% of total losses.
Most attacks in H1 2026 involved someone finding a code bug, while the largest losses came from stolen keys, socially engineered developers, and off-chain systems that were never as secure as the on-chain code they controlled. Bridges again emerged as the highest-value single point of failure, with DeFiLlama’s cumulative bridge hack tracker sitting at approximately $3.26 billion since inception.
North Korea’s Continued Dominance
TRM Labs assessed roughly $643 million as attributable to North Korea-linked activity, or 66% of the half-year total. That was down in absolute terms from $1.7 billion in H1 2025, but the share of the total actually rose. Nearly all of that H1 2026 DPRK haul came from just two April operations against Drift Protocol and KelpDAO, which together produced $577 million.
CertiK’s Skynet DPRK Threat Report, dated May 12, 2026, independently tracks the same trend, estimating that DPRK-linked actors have stolen approximately $6.75 billion across 263 incidents between 2016 and early 2026.
TRM’s longer-range analysis shows North Korea’s share rising steadily, from below 10% in 2020 and 2021, to 22% in 2022, 37% in 2023, 39% in 2024, 64% in 2025, and 66% in H1 2026.
1. KelpDAO: The Largest DeFi Hack of 2026
Quick Update: On April 18, 2026, the $292M exploit created roughly $177M in bad debt on Aave. rsETH has since been fully restored through the DeFi United coalition.
On April 18, 2026, a single forged cross-chain message drained approximately $292 million in unbacked rsETH from KelpDAO’s LayerZero-powered bridge, making it the single largest DeFi exploit of the half-year.

How the Attack Unfolded
According to LayerZero’s official incident report prepared with Mandiant and CrowdStrike, the operation began weeks earlier when the attacker socially engineered a LayerZero Labs developer into surrendering session keys. That intrusion allowed the attacker to poison internal RPC nodes inside LayerZero’s cloud environment.
On the day of the attack, a coordinated Distributed Denial of Service against an external RPC provider forced LayerZero’s Decentralized Verifier Network to fall back onto the poisoned internal nodes, which reported a fictitious rsETH burn on Unichain. Because rsETH was configured to require only a single verifier signature, that one attestation was enough to authorize the mint on Ethereum.
The financial impact spread far beyond KelpDAO. According to Metrika’s on-chain forensic analysis, the attacker immediately used the newly minted rsETH as collateral on Aave to borrow approximately $190 million in real WETH, creating bad debt of roughly $177 million that still sits on Aave’s books. Aave saw over $8.4 billion in deposits leave within 48 hours, and total DeFi TVL dropped more than $13 billion.
Chainalysis’s own review confirmed that neither KelpDAO’s smart contracts nor LayerZero’s protocol code contained a vulnerability. The failure was entirely at the off-chain verification layer. KelpDAO’s emergency multisig froze contracts 46 minutes after the drain, blocking two follow-up attempts that would have released an additional $200 million in rsETH.
Recovery and Aftermath
Three days after the exploit, the Arbitrum Security Council froze approximately 30,766 ETH worth roughly $75 million sitting at a downstream attacker address, preserving about one quarter of the total haul. The remainder moved quickly. Arkham Intelligence tracked the attacker laundering roughly $220 million through THORChain and multiple privacy protocols over the following six weeks.
KelpDAO restored rsETH to full backing on May 25, 2026, through a coalition called “DeFi United” that included Lido Finance, EtherFi, and Aave founder Stani Kulechov. The protocol also announced it is migrating rsETH from the LayerZero standard to Chainlink’s Cross-Chain Token architecture. LayerZero has confirmed its own DVN will no longer act as the sole verifier on any channel going forward.
2. Drift Protocol: A Six-Month Social Engineering Operation
Quick Update: On April 1, 2026, the $286M loss followed a six-month social engineering campaign. The project was rebranded to Velocity on July 2.
Seventeen days before KelpDAO, Solana’s largest decentralized perpetual futures exchange lost over half its total value locked (TVL) in roughly 12 minutes. At the time of the incident, the Drift Protocol hack was the largest DeFi exploit of 2026, and it remains the second-largest exploit in Solana history after the 2022 Wormhole bridge hack. Independent analysis by Elliptic put the exact loss at $286 million.

The Six-Month Setup
According to Drift’s own post-mortem and TRM Labs’ forensic reconstruction, the operation began in the fall of 2025. Attackers posed as a quantitative trading firm and spent six months cultivating in-person relationships with Drift contributors at industry conferences. They deposited over $1 million of their own capital to appear as legitimate participants and onboarded an Ecosystem Vault between December 2025 and January 2026.
Contributor devices were then compromised through three vectors: a known VSCode and Cursor code editor vulnerability, a malicious TestFlight application framed as a wallet product, and a cloned code repository.
Technical staging began in early March. The attacker withdrew a small amount of ETH from Tornado Cash and used it to fund the deployment of a token called CarbonVote, roughly 750 million of which were minted, seeded with a few thousand dollars in liquidity on Raydium, and wash-traded to establish a fake price history near $1.
The attacker then created durable nonce accounts on Solana, a legitimate feature that lets transactions be pre-signed and executed later without expiring. Through social engineering, the attackers induced Drift Security Council multisig signers into blindly pre-signing transactions that appeared routine but carried hidden admin authorization instructions. On March 27, Drift migrated its Security Council to a 2-of-5 threshold with zero timelock, eliminating the review window that would have allowed detection.
The Drain and What Followed
At 16:05 UTC on April 01, the attacker activated the pre-signed transactions. Arkham Intelligence tracked the vault collapse in real time. The drain totaled roughly $270 million across 15 different token types over 31 transactions, wiping out more than half the protocol’s total value locked within an hour.
Over $230 million of the stolen USDC was subsequently bridged from Solana to Ethereum via Circle’s Cross-Chain Transfer Protocol (CCTP) during six hours that fell within US business time.
On-chain investigators publicly criticized Circle for not freezing the funds during that window, given that Circle had proactively frozen 16 unrelated corporate wallets in a sealed US civil case just days earlier. The DRIFT token fell more than 40% immediately after the exploit and remains down over 98% from its all-time high as of July 2026.

DRIFT token price chart on CoinMarketCap showing the sharp decline following the April 1, 2026, exploit and sustained low levels.
Elliptic logged the exploit as the 18th DPRK-linked operation of 2026. TRM Labs identified the operators as UNC4736, a subgroup distinct from the TraderTraitor cluster behind KelpDAO but linked to the same broader Lazarus command structure. Roughly 20 Solana-based protocols with Drift exposure faced disruptions, and some, including crypto card service Pyra, later shut down altogether.
On July 02, 2026, Drift officially rebranded to Velocity, though the rebrand drew community pushback from users who felt it obscured accountability. The team has engaged Asymmetric Research and OtterSec for the ongoing forensic and recovery work.
3. Humanity Protocol: Seven Keys on One Laptop
Quick Update: On June 8, 2026, a $31–36M key compromise (malware on developer laptop) crashed $H by 88–90%. New audited ERC-20 H token airdropped 1:1 to pre-exploit holders (hacker wallets excluded); compensation fund launched. No funds recovered; token remained depressed.
The largest incident of June 2026 struck a proof-of-humanity project positioned as the “Chinese Worldcoin.” According to the project’s own investigation, the loss reached roughly $36 million, though PeckShield’s independent estimate came in closer to $31 million. What made the incident notable was not the size but the operational simplicity of the failure.

How the Attack Happened
According to the project and Halborn reports, the breach began with a phishing email (masquerading as from Bithumb) sent to a project director. Opening a malicious attachment installed malware, granting root access to a laptop that inadvertently held backups of seven private keys (stored since the June 2025 mainnet launch). These included one admin hot wallet key, three of the six owner keys for the project’s Ethereum Safe, and three of the five owner keys for its BSC Safe. These keys controlled a Hyperlane bridge ProxyAdmin.
The exploit unfolded in three sequential phases. First, the attacker used the admin hot wallet key to transfer millions of H tokens directly to an aggregation wallet on Ethereum.
Second, using the three ETH Safe owner keys, the attacker assembled an offline transaction, seized ownership of the Bridge ProxyAdmin, upgraded the bridge contract to a malicious implementation, and swept the entire bridge lockbox of H tokens in a single move.
Third, using the three BSC Safe owner keys, the attacker took over the BSC ProxyAdmin and called the mint function three times, producing 100 million H tokens each time. (Total: ~141 million H tokens moved/drained.)
Recovery and Aftermath
Arkham Intelligence and on-chain analysts (e.g., Lookonchain) tracked the attacker converting stolen H into ~18,510 ETH (~$30M+), USDC/USDT, BNB, and smaller amounts. Funds were split across wallets, swapped via DEXs (Uniswap, PancakeSwap), and deposited into KuCoin wallets.
Laundering continued across Bitcoin, Solana, Hyperliquid, and BNB Chain. Some flows commingled with prior exploits (e.g., KelpDAO). Tooling raised possible DPRK links (no formal attribution). Seventeen H-holding addresses were systematically drained.
The H token collapsed roughly 88% to 90% within hours, falling from around $0.67 to a low near $0.05. It briefly recovered some ground but remained heavily depressed (trading in a ~$0.06–$0.20 range in mid-June reports) with an 88.85% drop over the past month. The project’s market capitalization dropped from about $2 billion to under $40 million.

$H token price performance on CoinMarketCap nearly a month after the June 2026 exploit, reflecting the sustained impact of the hack.
Humanity Protocol paused affected bridges, froze contracts where possible, abandoned the compromised BSC deployment, and coordinated with exchanges for migration. They deployed a new audited ERC-20 H token on Ethereum, conducted 1:1 airdrops to pre-exploit snapshot holders (EOAs direct; pools/contracts pending), excluded hacker wallets, and launched a compensation fund/claims portal (with KYC/AML for edge cases due to DPRK links).
Mainnet relaunch planned with new H as native token. Security firm Quantstamp assisted; bounty offered for recovery info. No stolen funds have been recovered as of late June 2026, according to reports.
4. Step Finance: A Treasury Breach That Ended the Project
Quick Update: In late January 2026, the $29M treasury breach triggered a 96% collapse in STEP. The project shut down on February 23.
The end of January produced one of the year’s cleanest examples of how a single treasury breach can permanently end an otherwise healthy protocol. Solana-based DeFi portfolio manager Step Finance had its treasury wallets emptied of 261,854 SOL worth approximately $29 million.
How the Attack Happened
The attack traced back to compromised executive team devices, likely through phishing. Once endpoints were breached, attackers gained access to treasury and fee wallets and transferred stake authorization to attacker-controlled wallets. The STEP token collapsed 96% immediately after the hack (and continued falling sharply in the following weeks).

As shown in the CoinMarketCap chart above, the token plummeted from previous trading levels to around $0.0001397, reflecting a staggering ~99.99% all-time decline, with market cap dropping to just ~$39.77K and extremely low liquidity.
The Shutdown and Aftermath
Despite the team publicly stating it had explored every possible path forward, including financing and acquisition, no viable outcome could be secured. On February 23, 2026, Step Finance, its subsidiary Solana news outlet SolanaFloor, and its tokenized equity marketplace Remora Markets all shut down simultaneously. Step Finance had served over 2.4 million users at the time.
The team promised a STEP token buyback based on a pre-hack snapshot, and Remora rToken holders were told they could redeem their tokens, which remained fully backed one-to-one with USDC.
5. Truebit: An Old Bug Meets a Ready Attacker
Quick Update: On January 8, 2026, the $26.4M exploit hit a 5-year-old contract. The TRU token remains effectively at zero with no recovery plan.
The year opened with a stark reminder that abandoned legacy contracts remain live attack surfaces. On January 08, 2026, Ethereum-based computation verification protocol Truebit lost approximately 8,535 ETH worth $26.4 million to a pricing bug in a smart contract that had been live for nearly five years.
How the Attack Happened
According to the post-mortem, the attacker exploited a flaw in the getPurchasePrice function of Truebit’s Purchase smart contract. The bug allowed carefully crafted high-value mint requests to return a purchase price of essentially zero.
Independent researcher Weilin Li traced the root cause to closed-source code where the pricing math was mishandled for unusually large mint quantities. The attacker executed a series of buy-and-sell loops, minting TRU tokens at negligible cost and immediately selling them back into the bonding-curve pool to extract real ETH.
On-chain data by Etherscan showed the attacker also paid a small builder bribe to prioritize transactions. One particularly bold transaction used a function named “Attack,” signaling clear premeditation.
Attribution and Aftermath
On-chain analytics split the exploit into two actors: a primary attacker capturing roughly $26 million and a secondary attacker taking about $250,000. PeckShield linked the secondary attacker to a smaller Sparkle protocol exploit that had occurred just 12 days earlier.

The TRU token collapsed 99.9% within hours, effectively wiping out the project. Portions of the stolen funds were later routed through Tornado Cash. No recovery plan has been announced.
6. Resolv: When an AWS Key Depegged a Stablecoin
Quick Update: On March 22, 2026, the $23–25M USR mint exploit briefly depegged the stablecoin. Most extracted ETH remains unrecovered.
In the early hours of March 22, 2026, an attacker with access to Resolv Labs’ AWS Key Management Service environment used the protocol’s own signing key to mint 80 million unbacked USR stablecoins from a deposit of just $100,000 to $200,000 in USDC. Approximately $23 to $25 million in ETH was extracted, and the USR stablecoin briefly crashed to just over two cents on Curve before rebounding.
How the Attack Happened
According to Chainalysis’s technical breakdown, Resolv’s minting system relied on an off-chain service that used a single privileged private key stored in AWS KMS. The smart contract itself performed no oracle check, no maximum mint limit, and no ratio validation between deposited collateral and minted USR. It only checked that a valid signature existed.
The attacker made two mint calls, converted the unbacked stablecoin into staked wstUSR to avoid immediately tanking the market, then swapped through DEX pools into other stablecoins and finally into ETH. Halborn’s parallel analysis confirmed the same sequence.
Timeline of the Heist (March 22, 2026)
- Compromise of 3rd-party cloud-stored minting key.
- 02:21 – 03:40 UTC: Mint of 80M unbacked USR approved from a small USDC deposit.
- 06:46 UTC: Tokens swapped for 5,500 ETH.
- 06:53 UTC: Additional tokens swapped for 4,793 ETH.
- Total extracted: ~$23M in attacker-controlled wallets, with USR briefly depegged by ~80% on Curve.

Contagion and Recovery
The damage spread well beyond Resolv itself. Fluid and Instadapp absorbed over $10 million in bad debt, with $300 million in outflows in a single day. Approximately 15 Morpho vaults with USR exposure took losses, though Morpho’s core contracts remained unaffected since the risk sat with individual curators.
Resolv Labs paused all protocol functions and burned approximately $9 million in USR still held in the attacker’s account. Redemptions have since been enabled selectively for pre-incident USR holders, but most of the extracted ETH has not been recovered.
7. Verus Ethereum Bridge: A Rare Recovery Case
Quick Update: On May 18, 2026, the $11.58M forged Merkle proof exploit saw 75% returned via bounty within four days.
The Verus Ethereum bridge exploit stands out in H1 2026 not just for its size but for how the story ended. It is one of the very few incidents in the half year where the majority of stolen funds were actually returned to the protocol.
How the Attack Happened
In the early morning of May 18, 2026, on-chain security alerts flagged suspicious activity on the Verus Ethereum bridge. According to the post-mortem, the bridge’s smart contracts on both chains performed cryptographic validation, but neither side actually required that the input amount on Verus match the payout amount on Ethereum.
The attacker constructed a transfer with only about a cent’s worth of inputs on the Verus side but a payout of 1,625 ETH, 103.6 tBTC, and 147,000 USDC on the Ethereum side. SlowMist founder Cos assessed the exploit path as a forged Merkle proof. The root cause was a missing source-destination value equivalence check — a classic bridge logic gap.
The vulnerability class was the same one that enabled the 2022 Wormhole and Nomad bridge hacks: assets released on the destination chain without proof that value had been backed on the source chain. The entire attack cost the hacker only ~$0.01–$0.10 in Verus fees.
The vulnerability class was the same one that enabled the 2022 Wormhole and Nomad bridge hacks: assets released on the destination chain without proof that value had been backed on the source chain.

The Bounty Deal and Recovery
Four days after the exploit, Verus and the attacker reached a bounty arrangement. Verus offered 1,350 ETH in exchange for the return of 4,052 ETH within a 24-hour window. The attacker complied. PeckShield verified the return of roughly $8.5 million in ETH to the team’s designated treasury address, representing 75% of the total stolen.
The remaining 25%, worth about $2.8 million, was kept as the agreed bounty. It stands as one of the very few successful direct-to-attacker negotiations in H1 2026.
This exploit belongs to the same family as the Wormhole ($325M, 2022) and Nomad ($190M, 2022) incidents — all involving forged or mismatched cross-chain proofs. It highlights ongoing risks in non-open-source bridges and the value of rapid communication with attackers.
8. THORChain: An Old Cryptographic Flaw and a Patient Attacker
Quick Update: On May 15, 2026, a $10.7M GG20 TSS exploit hit one of six Asgard vaults. The network paused for 39 days and fully reopened on June 23, 2026, after patches, audits, and upgrades. XMR swaps are in testing; ZEC next.
Cross-chain liquidity protocol THORChain has suffered multiple incidents over the years, but the May 15, 2026, exploit was one of its most sophisticated. Roughly $10.7 million was drained by a single malicious node operator who had spent weeks positioning themselves inside the protocol.
How the Attack Happened
According to THORChain’s own detailed incident report, an attacker operating under the Discord handle “Dinosauruss” joined the developer Discord weeks earlier, repeatedly asked questions about node churning, funded operations privately through Monero, and bonded significant RUNE. The malicious node joined on May 13 and was churned in shortly after.
Two days later, it exploited a known GG20 Threshold Signature Scheme vulnerability (gradual key material leakage during signing rounds), reconstructed vault keys from one Asgard vault, and executed unauthorized outbound transactions.
The attack affected at least nine chains (Bitcoin, Ethereum, BNB Chain, Base, Avalanche, Dogecoin, Litecoin, Bitcoin Cash, XRP).
Roughly $10.7 million was drained in total (one of six vaults, ~20% of protocol-owned funds). EdDSA-based chains like Solana were unaffected. User funds and LP positions remained safe.
Response and Aftermath
THORChain’s automatic solvency detection triggered within minutes, halting signing and trading. Node operators stacked manual pauses via governance, bringing the network to a full controlled halt within roughly two hours. The initial pause lasted ~12 hours 42 minutes, but comprehensive recovery took 39 days.

The team deployed v3.19.0 patches (MPC security + vault isolation), conducted audits, and completed an 11-stage reactivation before resuming full operations (signing, churning, swaps, LP actions) on June 23, 2026. Losses are covered via protocol-owned liquidity (no new RUNE). RUNE dropped 11–15%. The exploit accelerated migration to the more secure DKLS TSS (work with Silence Labs began Nov 2025).
The incident renewed criticism of THORChain’s selective use of its emergency shutdown capability. The protocol had previously declined to freeze illicit flows when Lazarus was laundering funds from the $175 million KelpDAO exploit and the earlier Bybit heist, but moved quickly to pause when its own liquidity was at risk.
THORChain had already engaged Silence Labs in November 2025 to build a custom DKLS TSS implementation, and the exploit accelerated that migration. Post-incident, the team deployed security patches and performed a vault migration before gradually resuming operations.
9. Syscoin Bridge: The Cleanest Recovery of H1 2026
Quick Update: On June 7, 2026, the $10M exploit resulted in 5 billion unauthorized SYS, all of which were returned and burned.
The Syscoin bridge exploit produced the single cleanest recovery of the half year. On June 07, 2026, an attacker exploited a parsing error in the bridge’s proof validation to mint approximately 5 billion unauthorized SYS tokens worth roughly $10 million.
How the Attack Happened
Syscoin operates on two layers: a Bitcoin-based UTXO chain and an Ethereum-compatible smart contract layer called NEVM. According to the post-mortem, the attacker first deployed a custom test token on the network.
The attacker created a transaction with two asset records that both referenced the same output. One record referred to native SYS, while the second was a custom test token the attacker had deployed in advance.
Syscoin Core interpreted the operation as a custom token transaction, while the NEVM relay module read it as a native SYS operation. That interpretation gap caused the storage smart contract to mint 5 billion SYS on the UTXO side without any corresponding burn on NEVM. The structural pattern matched the 2022 Nomad Bridge exploit in how proof handling was manipulated.
The Recovery
Syscoin’s response was aggressive and unusually effective. The team paused the bridge immediately, coordinated with exchanges to freeze deposits tied to the tainted trail, and then took the unusual step of contacting the attacker directly through blockchain messages. The on-chain message included an official recovery address and a clear warning about potential legal action and exchange blacklisting if the tokens were not returned.
The attacker returned all 5 billion SYS tokens to the designated recovery address. Syscoin then burned every returned token to restore the pre-attack supply. The bridge itself remains paused pending a final security audit. This stands as one of the fastest and most complete recoveries seen in H1 2026.

10. JaredFromSubway.eth: The MEV Bot That Got Sandwiched
Quick Update: In mid-June 2026 (specifically June 20–21), approximately $7.5 million (on-chain confirmed: 1,474.58 WETH, 2.87M USDC, and ~2M USDT) was drained in a counter-MEV honeypot attack. JaredFromSubway.eth claimed the total losses were closer to $15 million. No funds have been returned or recovered as of July 2026. Portions of the drained assets were routed through Tornado Cash.
The final entry in the top ten is the most ironic story of the half-year. JaredFromSubway.eth, Ethereum’s most notorious sandwich attack MEV bot, was drained of at least $7.5 million by a counter-MEV honeypot trap in mid-June 2026.
#PeckShieldAlert Specter has reported that #MEV bot #JaredFromSubway appears to have been drained of ~$7.5M in crypto, including 1,474.58 $WETH, 2.87M $USDC, & 2M $USDT.
— PeckShieldAlert (@PeckShieldAlert) June 20, 2026
The attacker swapped the stolen funds for 4.4K ETH and has already deposited 1K ETH into #TornadoCash pic.twitter.com/qY6IVDdnGJ
How the Attack Happened
According to Chainalysis’s post-mortem, the attack was neither a phishing incident, a private key compromise, nor a traditional smart contract vulnerability. It was a trap designed specifically to exploit the bot’s automated decision-making logic.
Over several weeks, the attacker deployed 66 fake token contracts mimicking WETH, USDC, and USDT and paired them with fraudulent liquidity pools that looked like profitable arbitrage opportunities.
The bot approached those routes and granted token spending approvals to attacker-controlled helper contracts. Early transactions consumed and revoked the approvals immediately, making them appear safe, while later iterations quietly left standing approvals in place. Once enough approvals had accumulated, the attacker triggered a sweep contract that drained WETH, USDC, and USDT from the bot’s addresses.
The Bounty Drama and Aftermath
JaredFromSubway.eth was estimated to be behind roughly 70% of Ethereum sandwich attacks between late 2024 and October 2025, contributing to approximately $60 million in annual trader losses. In May 2026, the bot even sandwich-attacked Ethereum co-founder Vitalik Buterin, using over $1.14 million in WETH to front-run a swap worth only a few dollars.
Following the exploit, JaredFromSubway.eth himself confirmed the incident and offered a 50% white hat bounty in ETH for the return of stolen funds within 48 hours, stating: “Well played. We are willing to offer a 50% white hat bounty if you return the ETH to us in the next 48 hours; otherwise, we will pursue all available legal and law-enforcement options.” (Some contemporaneous reports also reference an associated $1 million bounty offer tied to the $15 million loss claim.)
No funds have been returned as of July 2026, and portions of the drained assets have been routed through Tornado Cash. The attacker ignored the bounty and proceeded with laundering.
Notable Mention: The $282 Million Trezor Social Engineering Scam
The highest single-value theft of H1 2026 was not a code exploit at all. On January 10, 2026, a single crypto holder was tricked into revealing their hardware wallet seed phrase after an attacker impersonated Trezor “Value Wallet” support.
The attacker recreated the wallet and drained 2.05 million LTC, worth about $153 million, along with 1,459 BTC, worth about $139 million, for total losses exceeding $282 million.
The laundering trail was rapid and multi-chain. Large portions of the Bitcoin were bridged via THORChain to Ethereum, Ripple, and Litecoin. Significant amounts were swapped into Monero through instant exchange services, triggering a sharp spike in XMR’s price.
Security firm ZeroShadow flagged and helped freeze approximately $700,000 within about 20 minutes of being alerted. The rest is gone. On-chain investigators explicitly ruled out state actor involvement. This surpasses the previous individual social engineering record of $243 million from August 2024, making it one of the largest single-address social engineering thefts on record.
Other Notable Hacks From H1 2026
Several smaller exploits shaped the half-year picture without cracking the top 10. Secret Network lost about $4.67 million in June. The deprecated Aztec Payments and Aztec Connect contracts were drained of a combined $4.26 million on June 18, with Aztec Labs publicly acknowledging both contracts were immutable and no longer under its control.
Polymarket users lost approximately $3 million in June to phishing. Taiko Bridge confirmed a $1.7 million exploit on June 22. Raydium lost $1.34 million to a fake liquidity pool mint attack on June 10, and Thetanuts Finance saw $2.1 million drained from a legacy vault on June 15.
Gravity Bridge lost about $5.4 million on May 30 after private key access. TrustedVolumes lost $6.5 million in May. Alephium Bridge was drained of $815,000 on May 30, and Hyperbridge lost $2.5 million on April 13. Rhea Finance lost $18.4 million in April, and Grinex lost $16.2 million the same month.
What H1 2026 Actually Tells Us About Crypto Security
Five patterns cut across the H1 2026 primary source data, and understanding them is more useful than any individual hack story.
The first is that infrastructure attacks now dwarf smart contract exploits by value. Smart contract exploits accounted for the majority of incidents, but only a small fraction of the dollars stolen.
Roughly 76% of the H1 2026 loss total came from compromised keys, custody systems, and signing infrastructure rather than on-chain code. The most expensive part of Web3 security in 2026 is no longer the smart contract bug, but the system around the smart contract.
The second is that North Korea is not slowing down. DPRK-linked operators accounted for 66% of the half-year total per TRM Labs and 55% year-to-date per CertiK’s independent Skynet dataset. Two April incidents alone produced $577 million.
The third is that bridges remain the highest-value single point of failure. Multiple top-ten entries, including KelpDAO, Verus, THORChain, and Syscoin, involved bridge or cross-chain messaging failures. DeFiLlama’s cumulative bridge hack tracker sits at approximately $3.26 billion since inception.
The fourth is that social engineering has evolved beyond phishing. The Drift operation involved six months of in-person relationship building and multi-million-dollar capital deposits designed to establish legitimacy. The KelpDAO breach began with a socially engineered LayerZero developer. Even the Trezor scam that lost $282 million was pure human manipulation.
The fifth is that small attacks are quietly reshaping the surface area. Q2 2026 set a record for hack incident count with 123 breaches, more than the entire count from H1 2025. Attackers are increasingly returning to abandoned deprecated contracts, as the Aztec and Thetanuts incidents demonstrated, because those contracts still hold funds but have no active security review.
The Recovery Scorecard
Recovery outcomes in H1 2026 were rare and unevenly distributed. Only the Syscoin Bridge saw a full recovery, with all 5 billion unauthorized SYS returned by the attacker and burned by the team. Verus Ethereum Bridge saw substantial recovery through its 75% bounty deal, and KelpDAO managed to freeze roughly $75 million on Arbitrum while restoring rsETH backing through the DeFi United coalition.
Resolv achieved partial containment by burning about $9 million in USR that remained in the attacker’s account, and Humanity Protocol saw only small amounts flagged with no material recovery. Drift Protocol, Truebit, Step Finance, THORChain, JaredFromSubway.eth, and the Trezor social engineering victim saw no meaningful recovery. That distribution lines up with a broader industry reality: nearly 80% of hacked projects never recover their full value.
Summary Table
| Protocol | Date | Approx. Loss | Primary Cause | Recovery Status |
|---|---|---|---|---|
| KelpDAO | April 18, 2026 | ~$292M | Social engineering poisoned RPC | Partial (~25% frozen) |
| Drift Protocol | April 1, 2026 | ~286M | 6-month social engineering | None |
| Humanity Protocol | June 8, 2026 | ~$31-$36M | Malware on developer laptop | None |
| Step Finance | Late January, 2026 | ~$29M | Phishing/endpoint compromise | Project shutdown |
| Truebit | January 8, 2026 | ~$26.4M | Pricing bug in old contract | None |
| Resolv | March 22, 2026 | ~$23-$25M | AWS KMS key compromise | Partial |
| Verus Ethereum Bridge | May 18, 2026 | ~$11.58M | Forged Merkle proof | Strong (75% returned) |
| THORChain | May 15, 2026 | ~$10.7M | GG20 TSS vulnerability | Partial (resumed ops) |
| Syscoin Bridge | June 7, 2026 | ~10M | Proof validation parsing error | Full (burned) |
| JaredFromSubway.eth | Late June 2026 | ~$7.5M+ | MEV honeypot trap | None |
| Secret Network | mid-June 2026 | ~$4.67M | Smart contract exploit | Partial |
| Aztec (Connect + Payments) | June 18, 2026 | ~$4.26M | Deprecated contracts | None |
| Gravity Bridge | May 30, 2026 | ~$5.4M | Private key access | None |
| TrustedVolumes | Mid-to-late May 2026 | ~$6.5M | Key compromise | None |
Closing Thoughts: Security Is No Longer Just About Code
The H1 2026 numbers tell a specific story. Smart contract audits have improved substantially. The vulnerability class that dominated 2020 to 2022 still exists but is no longer where the biggest damage lives. The biggest losses of H1 2026 came from human decisions, off-chain infrastructure, and old assumptions about trust in cross-chain messaging that never got stress-tested until they broke publicly.
For protocol teams, robust key management, elimination of single points of failure in verifier networks, hardening of developer machines, and defense against multi-month social engineering campaigns now matter more than another code audit.
For users and investors, the H1 2026 scoreboard is a reminder that the largest single crypto theft of the half-year was neither an exchange breach nor a DeFi drain. It was one person giving up their seed phrase over the phone.
Whether the second half of 2026 stays below the H1 2025 total of $2.3 billion depends almost entirely on whether Lazarus lands another operation on the scale of the KelpDAO or Drift Protocol exploits.




