CertiK Warns Ecosystem is Not Safer Despite 47% Drop in Crypto Hack Losses

1 hour ago 2 sources negative

Key takeaways:

  • Surge in crypto attack frequency undermines confidence, raising risk premiums for DeFi tokens.
  • North Korean AI-powered exploits threaten top protocols, potentially triggering liquidity outflows from compromised platforms.
  • Sharp rise in wallet compromises necessitates rigorous key management, impacting user trust in custodial solutions.

Blockchain security firm CertiK has released its H1 2026 report, revealing a 46.8% year-over-year drop in total crypto losses to $1.32 billion. However, the company emphatically warns that this figure is misleading and obscures a more perilous landscape where attackers are becoming more targeted and destructive.

CertiK pointed out that the comparison is distorted by the record-breaking $1.4 billion Bybit hack in 2025. Removing that outlier, losses in H1 2026 were actually approximately 28% higher than in the comparable period last year. “A surface-level reading of ‘losses down nearly 50%'’ would suggest a significantly safer ecosystem. The data does not support that conclusion,” CertiK stated.

The number of incidents doubled from 83 to 207, the highest six-month total recorded by blockchain intelligence firm TRM Labs. Phishing dominated Q1 with $508.2 million stolen, while wallet compromises surged 59% in Q2 to cause $807.5 million in losses. Over 70% of those Q2 losses stemmed from two massive exploits on KelpDAO and Drift Protocol, both attributed to North Korean state-sponsored hackers.

TRM Labs estimates that North Korean groups have stolen over $6 billion in crypto since 2017. The severity of the KelpDAO and Drift breaches led to a trilateral meeting between authorities from the U.S., Japan, and South Korea to coordinate countermeasures. Officials acknowledged that North Korean IT workers are increasingly deploying artificial intelligence to scale up and refine their cyber operations.

Smart contract exploits accounted for 125 incidents (60% of the total), underscoring the persistent vulnerability of code-level security. CertiK stressed that private key management and multisignature wallets remain the most critical attack surface, recommending reinforcement of key custody across hardware, governance, and geographic distribution. Hardware wallet maker Ledger reiterated that keeping seed phrases offline and never sharing them is essential against phishing and unauthorized access.

Disclaimer

The content on this website is provided for information purposes only and does not constitute investment advice, an offer, or professional consultation. Crypto assets are high-risk and volatile — you may lose all funds. Some materials may include summaries and links to third-party sources; we are not responsible for their content or accuracy. Any decisions you make are at your own risk. Coinalertnews recommends independently verifying information and consulting with a professional before making any financial decisions based on this content.