H1 2026 Crypto Security Report: $1.31 Billion Lost as Hackers Shift Focus to Legacy Code and Wallets
H1 2026 Crypto Security Report: <$1.31 Billion> Lost as Hackers Shift Focus to Legacy Code and Wallets
The first half of 2026 brought serious trouble for the Web3 world. A new report shows that 344 security incidents caused more than <$1.31 billion> in losses. After some funds were frozen or recovered, the real damage still reached about $1.2 billion.
At first glance, the total looks smaller than the same period in 2025. But that earlier number was pushed up by one giant hack worth $1.45 billion. Without that single event, losses in 2026 are actually 28 percent higher. This shows the threat is growing, not shrinking.
April Stood Out as the Worst Month
April alone accounted for roughly $651 million in losses across 61 incidents. Two big events drove almost all of that damage. On April 1, the Drift Protocol on Solana lost $285 million after attackers took over admin keys and drained liquidity pools holding SOL, USDC, and Bitcoin. This remains the largest exploit ever seen on the Solana network.
Just weeks later, on April 18, Kelp DAO suffered a $291 million hit. Attackers used a flaw in the DVN failover system to push fake transactions and steal 116,500 rsETH. Together these two cases made up nearly 44 percent of all losses in the first half of the year.
Wallet Attacks and Phishing Caused the Biggest Damage
Wallet compromise turned out to be the most expensive type of attack. It led to $445 million in losses from only 33 incidents. That works out to more than $13 million per event on average. Hackers are clearly going after key management systems instead of trying to break smart contract code.
Phishing came in second with $366 million lost across 63 incidents. While the number of phishing attacks dropped by over 50 percent compared with 2025, the money stolen fell by just 10.8 percent. Attackers have moved from spraying out thousands of fake messages to running a few very targeted social engineering campaigns. Four of these precise attacks created 85 percent of all phishing losses, including one January case that alone took nearly $285 million.
Code Flaws Still Happen Most Often
Even though code vulnerabilities did not cause the largest dollar losses, they appeared in the highest number of incidents: 204 cases that cost $152 million. A worrying trend is that more of these attacks now hit contracts older than one year. Monthly incidents against these older contracts rose from 7 in October 2025 to 18 in May 2026. Hackers are going back and checking old code that teams may have stopped watching closely.
DPRK-Linked Groups Stay Active
State-backed actors, especially the Lazarus Group, continue to pose a steady threat. Their activity tends to increase in the second half of each year, so teams should prepare for more pressure in H2 2026. The Drift Protocol breach showed patterns similar to past Lazarus operations, though no official link was confirmed at the time of the report.
What Teams Can Do Now
The numbers make one thing clear: basic security steps still matter. Projects should run fresh audits on contracts that have been live for more than a year. Better key management and multi-signature controls can reduce wallet risks. Users need to stay alert for sophisticated phishing attempts that look more real than ever.
With losses already this high in the first half, the rest of 2026 could bring even bigger challenges if teams do not improve their defenses. Staying ahead of attackers means treating security as an ongoing job, not a one-time task.