The crypto industry lost $1.32 billion in six months: statistics are misleading, threats are becoming more targeted
The first half of 2026 cost the crypto industry $1.32 billion in losses from security incidents. At first glance, this is 46.8% less than a year earlier. However, as my calculations show, this figure is misleading: excluding the anomalous $1.4 billion Bybit hack in 2025, actual losses for the first half of 2026 are approximately 28% higher than for the same period last year.
The key trend is that attacks are becoming more targeted and destructive. In the second quarter of 2026, damage increased by 59% compared to the first quarter, reaching $807.5 million. The main contributors were the hacks of KelpDAO and Drift Protocol, which accounted for over 70% of quarterly losses. While phishing dominated the first quarter, wallet compromise took the lead in the second. Moreover, incidents like Drift combined social engineering with the hijacking of administrative procedures, rather than being limited to simple key theft.
Data diverges: TRM Labs vs CertiK
TRM Labs estimates half-year losses more modestly at $972 million, less than half of the $2.3 billion a year earlier. The difference is explained by methodology: CertiK accounts for a broader range of Web3 incidents, including hacks, scams, and exploits. Meanwhile, TRM Labs records a record number of attacks — 207 incidents over six months. Of these, 125 (about 60%) were smart contract hacks, but the main damage (approximately 76%) was caused by infrastructure and operational compromises, which accounted for only 15% of total incidents.
The North Korean connection and geopolitics
According to TRM Labs, groups linked to North Korea are responsible for stealing about $643 million, or 66% of all stolen funds. CertiK also points to North Korean hackers in the attacks on KelpDAO and Drift Protocol. At the end of June, delegations from the US, Japan, and South Korea discussed in Washington strengthening coordination against Pyongyang's cyber activities, including cryptocurrency theft and money laundering. According to the State Department, these proceeds fund weapons programs.
As an analyst, I emphasize: the industry needs to fundamentally rethink its approach to security. CertiK's recommendations — strengthening hardware infrastructure protection, distributing signatories across different jurisdictions, and strict control over large transfers — are becoming not just desirable but critically necessary. The second quarter of 2026 has already been called record-breaking in terms of the number of hacks (83 incidents, $755.3 million in losses), and this is an alarming signal: while the market focuses on growth, hackers are perfecting their methods.