Back to News

Crypto hacks caused $1.32B in H1, but losses rose 28% without Bybit’s 2025 hack

Cryptocurrency hack losses exceeded $1.3 billion in H1 2026, with wallet breaches being the largest threat. Despite a lower total than last year, underlying losses increased by 28% excluding a major prior hack, highlighting worsening security risks.
Crypto hackers stole $1.32 billion in the first half of 2026 – a figure that looks like a big improvement over last year, but only because of one massive incident.

Forbes reported July 17, citing CertiK’s Hack3D report, that 344 on-chain security incidents in H1 caused total losses of $1,315,676,432. That’s down 46.8% from the same period in 2025. But strip out Bybit’s $1.45 billion hack in February last year, and 2025’s first-half losses drop to roughly $1.03 billion. On that adjusted basis, 2026 losses are actually up about 28%.

“A surface-level reading that losses fell by nearly 50% could create the impression that the ecosystem has become meaningfully safer,” CertiK said. “The data does not support that conclusion.”

Two incidents alone accounted for 44% of the total. Kelp DAO lost $291.3 million and Drift Protocol lost $285.3 million. In both cases, the root cause wasn’t a smart-contract code bug – it was failures in operational and infrastructure security. That pattern defined the first half, according to CertiK co-founder and CEO Ronghui Gu.

Wallet compromises were the most damaging attack type, exceeding $444 million in losses. The average loss per incident topped $13 million – far higher than any other category. Attackers are getting better returns by targeting key management, multisig governance and operational infrastructure instead of hunting for code flaws, Gu said.

Phishing attacks also became more concentrated. The total number of phishing incidents fell to 63 from 132, but just four social-engineering attacks accounted for $310 million, or roughly 85% of all phishing-related losses. Attackers are aiming bigger.

A newer risk is emerging: AI agents. Gu warned that AI agents with wallet access act as a new type of privileged key holder. If not properly secured, they may fail to filter malicious inputs. The takeaway, Forbes noted, is that security audits alone are no longer enough. A protocol can pass a flawless code audit and still lose millions if an admin key is compromised.

For traders, the message is clear: the threat surface has shifted from code to operations. Wallet security, key management, and infrastructure hardening are now the frontline – and the losses prove it. Watch for more incidents tied to compromised admin keys and AI-agent vulnerabilities.

Related news