74.7% of Web3 Hacks in the first quarter of this year expected a 6% recovery rate of hacking funds in 2026
What is more important than DeFi vs. surviving centralized exchange
Philosophy is a practical reward system
As hacking attacks targeting virtual assets and web3 ecosystems continue, the overall reliability of the industry is shaking.
In particular, the “social engineering” technique, which tricks the person in charge to steal the authority instead of directly penetrating the code of the system, is on the rise, and the recovery rate of funds once stolen has fallen below 10%, causing investor anxiety to reach its peak.
According to the Web3 security industry and Tiger Research on the 20th, 12 Web3 hacking issues, large and small, were reported in April this year alone.
Recently, in the bridge protocol “Hyperbridge,” which connects Polkadot and Ethereum, about 1 billion Bridged DOTs (Polkadot) were issued without permission on the Ethereum chain as attackers passed counterfeit requests without verification. The amount of damage initially announced was about $2.5 million, but the amount of damage continues to increase.
Prior to this, the large DeFi protocol “Drift Protocol” was hacked worth about $295.7 million.
The investigation revealed that it was a sophisticated operation in which Lazarus Group, a North Korean-linked hacking organization, stole governance authority after building trust with project team members over six months.
Tether urgently proposed a $127.5 million support package to deal with the situation, but it is far from sufficient to compensate for the total damage.
◆ North Korea’s hacking is on the rise…Instead of hard-to-pierce codes, I’m aiming for “people.”
![The proportion of human-targeting social engineering attacks among all Web3 hacks jumped from 28.7% in 2021 to 74.7% in the first quarter of 2026. [Source = Depyramar, Tiger Research]](https://i0.wp.com/nationalcybersecurity.com/wp-content/uploads/2026/04/news-p.v1.20260420.abcb8631d05f4e06824c7bf9d7c1e03e_P1.png?w=1150&ssl=1)
The biggest feature of recent Web3 hacking is the change in attack path. In the past, vulnerabilities in codes such as smart contracts were dug into, but now the majority of methods of hacking internal “people” who already have authority.
According to actual data, social engineering accounted for a steady rise from 28.7% in 2021 to 64.3% in 2025 and a whopping 74.7% in the first quarter of 2026.
Considering that 70% of traditional financial and corporate hacking cases were social engineering as of 2025, it shows that traditional criminal methods have been completely transferred to the web3 industry.
◆ “If you take it, it’s over”…Fall to 6% Recovery Rate
![The recovery rate of hacking funds, which reached 40% in 2020, is expected to fall to 6% as of 2026. The main reason is the advancement of money laundering using mixers and cross-chain bridges. [Source = Tiger Research]](https://i0.wp.com/nationalcybersecurity.com/wp-content/uploads/2026/04/news-p.v1.20260420.aa68d49b83c04ca0ae6a314e461d2f18_P1.png?w=1150&ssl=1)
The biggest difference between traditional finance and Web3 is in ‘post-response’. It is difficult for traditional companies to continue to steal actual funds through system intervention such as freezing accounts and canceling remittances.
On the other hand, as soon as the transaction is completed, the funds are immediately withdrawn to the on-chain, and there is no way to return them.
This is evidenced by the fund recovery data. According to Defillama and others, the recovery rate of hacking funds, which was around 25-40% in 2020-2021, plunged to 5-14% in 2022-2023 and 8-13% in 2024-2025.
As of 2026, the expected recovery rate is only 6%. This is because hackers’ money laundering technology through mixers and cross-chain bridges has become extremely advanced.
◆ Bybit is alive and Defay is dead…a task in the age of institutions
![During the massive hacking by North Korean hacker group Lazarus in early 2025, Bybit CEO Ben Zhou dispelled market instability, saying, "Customer assets are guaranteed one-on-one and we can compensate for all losses." [Source = Ben Zhou X]](https://i0.wp.com/nationalcybersecurity.com/wp-content/uploads/2026/04/news-p.v1.20260420.55067fed42f8480ba3410b59e5dac8e0_P1.jpg?w=1150&ssl=1)
Under these circumstances, the virtual asset industry is experiencing polarization. In early 2025, the global virtual asset exchange Bybit was hacked by a hacking attack believed to be North Korea worth about $1.5 billion, but it survived.
This is because Bybit CEO Ben Zhou immediately said, “Customer assets are guaranteed one-on-one, and even if they are not recovered, they can cover the loss in full.” This is because investors have prevented damage through cooperation between their own reserves (SAFU funds) and exchanges.
However, the DeFi project does not have a card to respond to the moment the pool of assets prepared by the attack is leaked. The only way is to negotiate with hackers, but this does not work for state-led hackers such as North Korea.
Experts agree that the inflow of “institutional funds” is essential for the Web3 ecosystem to take the next step, but it is not possible with the current security structure.
Blockchain efficiency and 24-hour markets are attractive, but there is no institution to put funds into a risky market with a recovery rate of less than 10%.
Tiger Research pointed out, “In order for institutional capital to flow in, a clear structure and operational ability to take responsibility and protect assets in the event of an accident must precede the ideological philosophy of decentralization.”
Click Here For The Original Source.
