Crypto news

07.07.2026
06:56

Semi-annual Crypto Industry Security Report: $1.32 Billion in Losses Conceal an Alarming Trend

hacker will compensate $3 million hacker

The first half of 2026 cost the crypto industry $1.32 billion in direct losses from security incidents. At first glance, this is 46.8% less compared to the same period in 2025. However, behind this figure lies a more alarming dynamic that, as an analyst, I cannot ignore.

Statistical Distortion: The Bybit Effect

The year-over-year decline is an illusion created by a single historical outlier. If we exclude the $1.4 billion Bybit hack that occurred in 2025, the actual drop in losses is much more modest. Without this anomalous incident, losses in the first half of 2026 would have been approximately 28% higher than a year earlier. This indicates that attacks are not weakening but are becoming more frequent and targeted.

Quarterly Dynamics: Second Quarter Breaks Records

The second quarter of 2026 is particularly telling. Losses increased by 59% compared to the first quarter, reaching $807.5 million. The main contributors were two attacks on the KelpDAO and Drift Protocol protocols, which accounted for over 70% of the quarterly damage. At the same time, the nature of threats has changed: while phishing dominated in the first quarter, wallet compromise became the leading cause in the second. In the case of Drift Protocol, a combination of social engineering and administrative procedure takeover was likely used, going beyond simple key theft.

TRM Labs Data: Record Number of Incidents

An alternative estimate from TRM Labs shows losses of $972 million for the half-year, which is less than half of the $2.3 billion a year earlier. The difference in figures is explained by methodology: I account for a broader range of Web3 incidents, including hacks, scams, and exploits. However, TRM Labs' key finding aligns with mine: 207 separate incidents were recorded — an absolute record for a half-year period. Of these, 125 attacks (about 60%) involved smart contract hacks. But the largest share of damage — approximately 76% — came from infrastructure and operational compromises, such as theft of private keys and access to transaction signing systems.

The North Korean Connection and Geopolitics

The role of North Korea deserves special attention. TRM Labs estimates that North Korean groups are responsible for stealing about $643 million, or 66% of all stolen funds. My analysis confirms that the attacks on KelpDAO and Drift Protocol were carried out by North Korean hackers. This is not just cybercrime but a tool for financing state programs, including the development of weapons of mass destruction. It is no coincidence that on June 25–26, delegations from the US, Japan, and South Korea discussed in Washington strengthening coordination against such threats.

Conclusions and Recommendations

The industry faces a new challenge: the number of attacks is growing, and each successful compromise causes increasing damage. I recommend strengthening the security of hardware infrastructure, signature management, and fund access procedures. Key measures include protecting private keys, distributing signatories across different jurisdictions, and introducing additional controls for large transfers. The current situation reminds me of an arms race: attackers adapt faster than many projects can update their defense systems.

My expert opinion: the market is entering a phase where security becomes not just a technical necessity but a competitive advantage. Projects that do not invest in protection at the architecture level risk becoming the next victim.