CertiK: 47% Drop in Crypto Hacks Masks Growing Threat
CertiK reports crypto losses fell 46.8% to $1.32B in H1 2026, but warns the drop is misleading due to the absence of a Bybit-scale hack, while attacks become more targeted and destructive, particularly by North Korean hackers.
Quick Take
H1 2026 crypto losses hit $1.32B, down 46.8% YoY.
Phishing drove Q1 losses; wallet compromises led Q2.
North Korean hackers linked to KelpDAO and Drift Protocol hacks.
CertiK: private key management remains critical security surface.
Market Impact Analysis
NeutralThe report warns of increasing attack sophistication but provides no immediate price-moving catalyst; impact is mostly informational.
Speculation Analysis
Key Takeaways
- A 47% drop in crypto losses is deceptive — attacks are becoming more targeted and devastating per incident.
- Phishing drained $508.2M in Q1; wallet compromises surged to $807.5M in Q2, a structural shift.
- North Korean hackers caused over 70% of Q2 losses via KelpDAO and Drift Protocol exploits.
- Private key management remains the most critical attack surface for institutions holding onchain assets.
What Happened
CertiK's H1 2026 report reveals crypto losses dropped 46.8% to $1.32 billion, but the headline masks a worsening threat environment. The decline is largely due to the absence of a record-setting hack like last year's $1.4 billion Bybit exploit. Instead, attackers shifted to phishing, which accounted for $508.2 million in Q1 losses, and wallet compromises, which surged to $807.5 million in Q2. Over 70% of Q2 losses stemmed from just two incidents: the KelpDAO and Drift Protocol hacks, both linked to North Korean state-sponsored groups. The data shows attackers are concentrating on high-value targets with increasingly sophisticated methods.
The Numbers
The $1.32 billion total represents a sharp drop from H1 2025’s Bybit-inflated figures. Q1 phishing losses hit $508.2 million; Q2 wallet compromise losses reached $807.5 million, with KelpDAO and Drift Protocol responsible for over $565 million combined. North Korean hackers have now stolen more than $6 billion in crypto since 2017. Meanwhile, TRM Labs recorded 207 incidents in H1 2026, more than double the 83 from a year ago, indicating that attack frequency is accelerating even as dollar losses appear lower.
Why It Happened
The apparent decline is a statistical illusion created by the Bybit outlier. Excluding that event, attacks are more frequent and more financially destructive per incident. North Korean hackers are refining their tradecraft, leveraging AI to scale attacks and target wallet infrastructures. The KelpDAO and Drift Protocol hacks exemplify this: sophisticated, likely insider-assisted operations that exploited private key weaknesses. CertiK warns that private key and multisig management remains the most critical security vulnerability for any entity holding significant onchain assets.
Broader Impact
The hacks prompted U.S., Japanese, and South Korean authorities to hold an emergency meeting on countering North Korean cyber activity. The recognition that North Korean IT workers are using AI for crypto theft signals a dangerous acceleration in state-sponsored hacking. With incident counts doubling year-over-year, the industry faces a permanently elevated baseline risk. Protocols must shift from reactive patching to proactive key hardening and continuous threat monitoring.
What To Watch Next
- Monitor international law enforcement efforts to disrupt North Korean crypto theft networks, especially as AI tools become widespread.
- Watch for broader adoption of MPC wallets and real-time onchain analytics by large DeFi protocols.
- Expect a high-profile exploit in H2 2026 given the structural trend toward more frequent, higher-impact attacks.
This article is for informational purposes only and does not constitute financial advice.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
© 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.