Crypto Security: Hacks losses down 46.8% YoY, but attacks turn more targeted
Crypto security data from CertiK shows total losses fell 46.8% year over year to $1.32B in H1 2026. However, CertiK says the decline does not mean the ecosystem is getting safer.
The “headline” drop is partly explained by the absence of a prior-year blockbuster exploit comparable to the $1.4B Bybit hack. CertiK also argues attackers are shifting from scattered attempts to more targeted operations, increasing damage per incident.
Tactics changed by quarter. In Q1, phishing led with $508.2M in losses. In Q2, wallet compromises became the top driver at $807.5M. CertiK adds that over 70% of Q2 losses came from two incidents—attacks on KelpDAO and Drift Protocol—widely linked to North Korean state-sponsored hackers.
TRM Labs aligns with the same crypto security takeaway: lower stolen value should not be read as reduced capability. TRM reported security incidents rising from 83 (H1 2025) to 207 (H1 2026), with smart-contract exploits accounting for 125 incidents (~60%). Both firms emphasize strengthening private-key and multisignature (multisig) wallet controls, including better hardware security, multisig governance, and geographic distribution of signers.
Market relevance: this is a “bearish-neutral” setup for risk assets. Even with fewer dollars stolen, higher incident counts and targeted, state-linked DeFi exploits increase headline risk for protocols and can raise short-term volatility around hack-prone tokens.
Bearish
CertiK’s and TRM’s data both point to crypto security risk becoming structurally harder to ignore. While total stolen value dropped (a short-term, sentiment-supportive factor), the later article adds the “incident-level” reality: smart-contract exploits dominate and the number of incidents more than doubled. That combination usually raises probability of recurring headline events for DeFi and ecosystem tokens.
In the short term, traders may see heightened volatility and risk premia for protocols tied to wallet handling, multisig governance, and signer operations—because the main losses in Q2 clustered into a small number of high-impact hacks (KelpDAO, Drift). Over the longer term, the recommended hardening measures (hardware security, better multisig governance, distributed signers) imply that capital may rotate toward teams and custodial setups perceived as stronger, while weaker security postures could face sustained risk-off positioning.
Overall, the direction for the underlying crypto market impact (price of affected tokens only) is bearish: fewer dollars stolen does not equal fewer attack opportunities, and targeted, state-linked exploits raise downside tail risk.