CertiK Says H1 2026 Web3 Losses Topped $1.31B, Up 28% Excluding Bybit Baseline

Coinbase
Bybit



Web3 security incidents cost the industry more than $1.31 billion across 344 events in the first half of 2026, according to CertiK’s Hack3D H1 2026 Report, published Monday. Net losses stood near $1.2 billion after frozen and recovered funds, the blockchain security firm said. Headline totals show…

Web3 security incidents cost the industry more than $1.31 billion across 344 events in the first half of 2026, according to CertiK’s Hack3D H1 2026 Report, published Monday. Net losses stood near $1.2 billion after frozen and recovered funds, the blockchain security firm said.

Headline totals show a 46.8% year-over-year drop, but CertiK (in a post on its official X account) said that comparison is skewed by the $1.45 billion Bybit hack that inflated H1 2025’s tally. Stripping out that outlier, H1 2026 losses were approximately 28% higher than the equivalent year-ago baseline.

Wallet Compromise Leads

Wallet compromise was the costliest attack vector, generating more than $444 million in losses across 33 incidents, CertiK found. The category was driven primarily by the Kelp DAO RPC compromise and the Drift Protocol breach, both of which occurred in April 2026.

Ledger

Phishing Gets More Targeted

Phishing incident counts fell, but losses stayed elevated as attackers shifted from broad campaigns to fewer, higher-value social-engineering hits on wallets holding significant on-chain wealth. Four such incidents accounted for roughly 85% of all phishing losses in the period, per the report.

CertiK also devoted a section to North Korea-linked activity, saying state-sponsored actors, most notably the Lazarus Group, have escalated operations as prior calendar years progressed, and flagged the second half of 2026 as a period of heightened concern.

The Defiant has previously covered CertiK’s monthly Hack3D tallies, including a $370 million January 2026 reading. Monday’s report is the firm’s first half-year rollup for 2026, aggregating those monthly figures alongside attack-vector and threat-actor analysis.



Source link

fiverr

Be the first to comment

Leave a Reply

Your email address will not be published.


*