TRM says 207 crypto hacks hit H1 2026, with North Korea-linked attacks driving about $643M of $972M in losses.
Crypto hackers carried out 207 attacks in the first half of 2026, according to TRM data. That marked the highest number recorded for any six months.
Even so, total stolen funds fell to $972 million during H1 2026. The figure was less than half of the $2.3 billion stolen in H1 2025.
The report showed a split between the number of attacks and the value stolen. Smart contract exploits drove most cases, while infrastructure compromises caused most financial damage.
TRM linked about 66% of stolen funds, or roughly $643 million, to North Korea-linked activity. Most of that amount came from two major operations in April.
North Korea-Linked Attacks Drive Largest Losses
TRM said North Korea-linked groups were behind most stolen value in H1 2026. The activity was concentrated in two large attacks involving Drift Protocol and KelpDAO. Together, those incidents accounted for about $577 million in stolen assets.
Attackers carried out 207 crypto hacks in H1 2026 — a record for any six-month period — but total losses fell to USD 972 million, less than half of the USD 2.3 billion stolen in H1 2025. Two distinct patterns explain the divergence.
🔹 Infrastructure compromises made up roughly… pic.twitter.com/lLDiTjmrFM
— TRM Labs (@trmlabs) July 2, 2026
The Drift Protocol attack caused about $285 million in losses, according to the report. KelpDAO suffered about $292 million in a separate April operation. These two cases made up most of the North Korea-linked total for the period.
The figures showed that fewer large attacks can still shape overall crypto theft data. Total losses fell from H1 2025 because no single theft matched the previous year’s record level. However, TRM said the lower dollar amount did not show weaker attacker capability.
Smart Contract Exploits Push Incident Count Higher
Smart contract exploits accounted for most crypto hacks during H1 2026. These attacks helped push the incident count from 83 in H1 2025 to 207 in H1 2026. The sharp rise showed that attackers continued to target code across decentralized finance platforms.
However, smart contract exploits made up a smaller share of total stolen value. TRM placed the median loss per hack at about $219,000. The mean loss was about $4.7 million, showing that a few large cases raised the average.
This gap between median and mean losses showed a wide spread in attack size. Many incidents caused smaller losses, while a small group caused much larger damage. As a result, the number of hacks rose while total stolen funds declined.
Read also: TRM Labs Reaches $1B Valuation After $70M Series C Funding Round
Infrastructure Weakness Remains a Major Risk
Infrastructure and operational compromises made up about 15% of reported incidents in H1 2026. However, they accounted for about 76% of total stolen value. TRM said this category included weaknesses around key management and signing systems.
H1 2026: more hacks than ever, losses under $1B. That’s not good news.
TRM’s H1 2026 numbers: 207 hacks, a record, but only $972M stolen, less than half of H1 2025. Three things are true at once.
1. Incidents up, dollars down. Hacks more than doubled (83 to 207), almost all… https://t.co/GiSqrb8TDf
— Charles Guillemet (@P3b7_) July 2, 2026
The report showed that attackers gained the largest returns from access to operational controls. In these cases, stolen funds often moved through compromised signing processes or exposed infrastructure. This made infrastructure security a central issue for crypto platforms handling large balances.
TRM also noted that artificial intelligence may change attack patterns across the sector. Automated tools can scan code, configurations, and public systems at higher speed.
The report said stronger key protection, zero trust systems, and hardware-based controls are becoming more important.





Be the first to comment