
Web3 Hacks Netted $1.3B in Six Months — and the Attack Playbook Just Changed
According to CertiK's Hack3D report for the first half of 2026, Web3 projects lost $1,315,676,432 to attacks across 344 separate security incidents during the period.
The numbers are misleading without context
On paper, that's a 46.8% drop from H1 2025 ($2.47 billion). But that comparison is almost entirely a function of a single outlier — the $1.45 billion Bybit hack that defined last year's numbers. Strip that one-off event out, and 2026's losses are actually about 28% higher on a comparable basis.
The two biggest incidents
- Kelp DAO RPC compromise ($291M, April 18): attackers exploited a DVN failover mechanism to confirm fabricated transactions and withdraw 116,500 rsETH
- Drift Protocol breach ($285M, April): the half's second-largest incident
Together, these two events accounted for nearly 44% of all H1 losses.
The attack playbook has shifted
Wallet compromise emerged as the most financially destructive attack category, generating over $444 million across just 33 incidents. Phishing came second, costing $366.3 million across 63 incidents. CertiK's analysts are blunt about it: the underlying security environment hasn't improved — in several meaningful respects, it's gotten worse.
What this means in practice
The shift toward wallet compromise and phishing signals that purely technical smart-contract audits no longer guarantee safety on their own: a significant share of major losses now stems from operational security failures and social engineering rather than protocol-level code vulnerabilities.
This material is for informational purposes only.

Author
Mike RobinsonNews feed editor
I'm constantly writing about crypto, Bitcoin, and altcoins. I cover a variety of topics related to the virtual currency market.
Comments (0)
No comments yet — be the first!
Related news

Meta Employees Sue Over AI-Assisted Layoffs

Bitcoin Miners Cut Output Again — Here's What's Going On
