- In the first half of 2026, the crypto market saw a record number of hacks.
- Their number reached 207 hacking attacks, while the total amount came in at under $1 billion.
- Experts stressed that smart contract audits no longer protect crypto projects from theft.
In the first half of 2026, the crypto industry suffered 207 hacking attacks — the highest number of incidents in any six-month period in TRM Labs’ tracking history. At the same time, total losses fell to $972 million, more than halving from $2.3 billion a year earlier.
Attackers carried out 207 crypto hacks in H1 2026 — a record for any six-month period — but total losses fell to USD 972 million, less than half of the USD 2.3 billion stolen in H1 2025. Two distinct patterns explain the divergence.
🔹 Infrastructure compromises made up roughly… pic.twitter.com/lLDiTjmrFM
— TRM Labs (@trmlabs) July 2, 2026
Record Number of Attacks, but Not by Total Funds Stolen
According to TRM Labs, from January through June 2026, hackers carried out 207 separate attacks against cryptocurrency projects. By comparison, only 83 incidents were recorded over the same period in 2025.
Despite the record level of malicious activity, the total amount stolen came to $972 million, less than half the figure for the first half of 2025.

Analysts noted that the average incident size is heavily skewed by a handful of outsized attacks. A typical hack in the first half of the year cost victims about $219,000, while the mean figure, driven up by major exploits, exceeded $4.7 million.
The biggest increase in the number of attacks came from smart contract exploits targeting DeFi protocols, decentralized exchanges, and token projects. At the same time, these accounted for only a small share of the financial losses.
North Korea Remains the Main Source of the Largest Thefts
According to TRM Labs, about $643 million, or 66% of all stolen funds, is linked to the activity of hacker groups affiliated with North Korea.
Virtually all of this amount came from two major attacks in April:
Together, they brought attackers about $577 million.
At the same time, experts stress that the activity of North Korean groups has not declined. The drop in total losses is explained solely by the absence of other attacks on the scale of the record-breaking incidents of 2025.
Beyond direct hacks, North Korea continues to obtain cryptocurrency through phishing campaigns, scams, social engineering, and the use of front IT workers.
The Biggest Threat Is no Longer Code, but Infrastructure
TRM pointed to a significant shift in the structure of attacks.
Infrastructure and operational compromises — including private key theft, the compromise of transaction-signing systems, and corporate infrastructure — accounted for only about 15% of all incidents, but drove 76% of total financial losses.
By contrast, smart contract exploits became the most common type of attack, but their contribution to the total amount stolen was significantly smaller.
Among unusual cases, analysts also highlighted a physical wrench attack, in which the victim was forced to hand over access to crypto assets. Losses from this incident are estimated at $24 million.
In TRM’s view, companies should shift their focus from smart contract audits alone to:
- Private key protection
- Multi-layer approval mechanisms for large transfers
- Signing infrastructure security
- Incident response plans for large-scale events
- Insurance and capital reserves
June Confirmed the Trend
Separately, analysts at PeckShieldAlert reported that in June 2026, the crypto market suffered 40 major attacks with total losses of $75.87 million, down 7.13% from May ($81.7 million).
#PeckShieldAlert In June 2026, the crypto space experienced 40 major hacks, resulting in total losses of $75.87M — a 7.13% month-over-month decrease from May ($81.7M).
Both #Aztec Bridge & #Aztec Connect were targeted within the same month, with combined losses of ~$4M.
The… pic.twitter.com/C9Na7EN422
— PeckShieldAlert (@PeckShieldAlert) July 1, 2026
The biggest incidents of the month were:
In addition, within a single month, Aztec Bridge and Aztec Connect were attacked, losing about $4 million combined.
PeckShield also noted that the funds stolen from Humanity Protocol were laundered through the Bitcoin, Solana, Hyperliquid, and BNB Chain networks. Some of these assets were mixed with funds linked to the KelpDAO hack, which may indicate a possible connection between the perpetrators of both attacks.
The Trend Has Been Going on for Several Months
The past few months have painted a mixed picture.
After crypto hack losses fell to $26.5 million in February 2026, March brought more than $50 million in losses and a record number of attacks, according to CertiK. In April, the industry endured the worst month in DeFi history, with more than $635 million in losses. By May, losses again dropped sharply by nearly 90%, although the number of attacks remained high.
The five biggest hacks over the past six months included attacks on KelpDAO, Drift Protocol, Humanity Protocol, Resolv Labs, and Rhea Finance.


At the same time, CertiK CEO Ronghui Gu warned about hackers using artificial intelligence more actively, and experts are increasingly talking about the start of a new phase of cyber threats for the crypto industry.
TRM concluded that the current decline in losses does not mean the market is becoming safer. It only indicates the absence of another record-breaking hack on the scale of 2025, while attackers’ capabilities remain consistently high.
As a reminder, in February last year, the “largest in internet history” hack of the Bybit exchange took place, totaling $1.5 billion.
Click Here For The Original Source.
