Skip to content
Active Currencies: 17,407
Market Cap: $2.212T
Bitcoin Dominance: 55.71%
24h Market Cap Change: $1.30

Crypto hacks hit record high in H1 2026 – What’s fueling the surge?

North Korean entities still remain crypto market biggest threat.

Crypto hacks hit record high in H1 2026 - What's fueling the surge?

TRM Labs, a blockchain security firm, reported 207 crypto hacks in the first half of 2026, the most in any six-month period. The bulk of the crypto hack cases happened in Q2 (126 incidents), led by KelpDAO, Humanity, and Rhea Lend exploits. 

Crypto hacks
Source: TRM Labs

In the first half of 2025, 85 crypto hacks were reported. In other words, H1 2026 saw more than double the number of crypto hack cases over the same period.  According to the report, most of the attacks were smart contract exploits, which accounted for 125 of the 207 incidents: a 60% dominance share in breaches.

Commenting on the same, Ari Redbord, global head of policy at TRM Labs, told AMBCrypto,

What I find most concerning is how concentrated these losses are in infrastructure failures. Three-quarters of all stolen value came from compromises of keys, custody systems, and signing infrastructure, not from smart contract bugs.

He concluded that,

The industry has improved at auditing code, but our operational security has not kept pace with our on-chain complexity.

crypto hacks
Source: TRM Labs

North Korea-linked actors drive 66% of crypto hacks

Despite the record number of breaches, the overall value stolen in 2026 was relatively small compared to 2025. 

The report noted that $972 million was lost as of June, which was below half of about $2.3 billion lost over the same period in 2025. Still, 66% of the stolen funds were driven by North Korean-linked entities

By the end of Q2 2026, North Korea-linked attackers’ share of stolen crypto funds was over 75%. However, intensified activity from other entities during the quarter reduced their dominance to 66% at press time. The impact of the hacks has been more devastating for the DeFi sector. Amid the broader bearish sentiment, the intensified crypto hacks further drove investors from the DeFi sector. 

In fact, in the KelpDAO’s $293 million hack, the attacker used fake tokens and deposited them in the Aave lending protocol and borrowed $190M in legitimate assets (wETH). There was a sudden liquidity crunch and subsequent bank run in Aave as investors feared the worthless collateral deposited by the attacker. As a result, Aave pools reached full utilization, preventing some late depositors from withdrawing their funds. 

This added to broader DeFi security risk, which has triggered $55 billion in capital outflows in H1 2026. At the time of writing, the total DeFi TVL (total locked value) has hit a two-year low of $70 billion, up from $120B seen earlier in 2026. 

crypto hack
Source: DeFiLlama

Final Summary

  • Crypto hack cases hit a record high of 207 in H1 2026, but the stolen value was below $1B 
  • North Korea-based threat actors accounted for $643M, or 66% of stolen funds over the same period. 

 

Disclaimer: AMBCrypto's content is meant to be informational in nature and should not be interpreted as investment advice. Trading, buying or selling cryptocurrencies should be considered a high-risk investment and every reader is advised to do their own research before making any decisions.

Benjamin Njiri

Journalist

Benjamin Njiri is a Crypto Analyst and Reporter at AMBCrypto, specializing in technical analysis and emerging market trends. With a background in Telecoms engineering and power systems, he applies data analysis to filter market noise and decode on-chain data. His work delivers clear, data-driven insights that help readers navigate crypto markets with confidence.

AMBCrypto was founded in 2018 with a mission to simplify and bring the latest blockchain and cryptocurrency news to our readers. We have quickly grown into the digital news source for an emerging generation of cryptocurrency enthusiasts, reaching more than a million readers on a monthly basis, across the globe.