Skip to main content

CertiK Hack3D: H1 2026 Report Reveals Over $1.31 Billion Lost to Web3 Security Incidents in the First Half of 2026

ⓘ This article is third-party content and does not represent the views of this site. We make no guarantees regarding its accuracy or completeness.

NEW YORK, July 08, 2026 (GLOBE NEWSWIRE) -- CertiK recently released the CertiK Hack3D: H1 2026 Report, a data-driven analysis of Web3 security incidents from January through June 2026. Across 344 incidents, the ecosystem lost $1.3 billion, with adjusted net losses of approximately $1.2 billion after frozen and recovered funds. While total losses appear lower than H1 2025, that comparison is almost entirely a function of the $1.45 billion Bybit hack that defined that period. Stripped of that outlier, H1 2026 losses are approximately 28% higher on a comparable basis.

April Defined the Half

The most costly month of H1 2026 was April, which recorded approximately $651 million in losses across 61 incidents, shaped almost entirely by two events. The Kelp DAO RPC compromise ($291 million, April 18) saw attackers exploit a DVN failover mechanism to confirm fabricated transactions and withdraw 116,500 rsETH. The Drift Protocol breach ($285 million, April 1), the largest exploit ever recorded on Solana, was executed through a multi-stage administrative key compromise that enabled the attacker to drain SOL, USDC, and Bitcoin from the protocol's liquidity pools. Together, these two incidents account for nearly 44% of all H1 losses.

Wallet Compromise and Phishing Lead by Losses

Wallet compromise was the most financially destructive attack category, generating $445 million across 33 incidents at an average of over $13 million per event. The concentration of losses in a small number of high-impact events reflects a deliberate attacker focus on key management infrastructure rather than smart contract code.

Phishing was the second most costly vector at $366 million across 63 incidents. Despite a 52.3% decline in incident volume compared to H1 2025, losses fell by only 10.8%, as broad-volume campaigns have given way to precision social engineering attacks. Four such incidents produced approximately 85% of all phishing losses, with a single January event accounting for nearly $285 million alone.

Code Vulnerability Leads by Volume

Code vulnerability was the most prolific attack category with 204 incidents and $152 million in losses. A growing share of these targeted contracts is more than one year old, with monthly incidents in this cohort rising from 7 in October 2025 to 18 in May 2026, suggesting attackers are systematically revisiting legacy codebases well beyond the initial deployment window.

DPRK Remains a Structural Threat

The report includes a dedicated assessment of DPRK-linked threat activity. State-sponsored actors, most notably the Lazarus Group, have consistently escalated operations as each calendar year progresses, with H2 2026 representing a period of heightened concern. The Drift Protocol breach bears characteristics consistent with prior Lazarus Group operations, though formal attribution had not been confirmed at publication.

Full report: https://indd.adobe.com/view/9f1c777d-8d9f-4b14-b417-e4a29ee5359a

Media contact
Elisa Yiting Xu
yiting.xu@certik.com


Primary Logo

Report this content

If you believe this article contains misleading, harmful, or spam content, please let us know.

Report this article

Recent Quotes

View More
Symbol Price Change (%)
AMZN  245.34
-1.70 (-0.69%)
AAPL  315.32
-0.90 (-0.28%)
AMD  557.89
+11.17 (2.04%)
BAC  59.67
+0.42 (0.71%)
GOOG  355.03
-1.21 (-0.34%)
META  669.21
+37.73 (5.97%)
MSFT  385.10
+0.74 (0.19%)
NVDA  210.96
+8.18 (4.03%)
ORCL  140.64
-3.08 (-2.14%)
TSLA  407.76
+1.21 (0.30%)
Stock Quote API & Stock News API supplied by www.cloudquote.io
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the Privacy Policy and Terms Of Service.