
Web3 Lost $1.31B in H1 2026 — Breaking Down CertiK's Report
Security firm CertiK published its Hack3D report for the first half of 2026: the Web3 industry lost $1.31 billion across 344 separate incidents, with net losses around $1.2 billion after accounting for frozen and later-recovered funds, CertiK reports.
The main loss categories: wallet compromises at $445 million across 33 incidents, phishing at $366 million across 63 incidents, and code vulnerabilities at $152 million across 204 incidents. Notably, phishing and wallet compromises produced fewer incidents but a higher average loss per attack than purely technical code flaws.
April 2026 was the most destructive month — $651 million in losses across 61 incidents, including the half's two largest hacks: the Kelp DAO RPC compromise on April 18 ($291 million) and the Drift Protocol breach on April 1 ($285 million, the largest exploit in Solana's history). Together, those two incidents account for roughly 44% of all H1 losses.
CertiK also notes a shift in attacker tactics: mass phishing campaigns are giving way to targeted social-engineering attacks, attackers increasingly target contracts older than a year, and the Lazarus Group, linked to North Korea, remains a structural threat to the industry.
The upshot: the bigger and older a protocol, the more attractive it is to attackers — "battle-tested" code is no guarantee against critical vulnerabilities, and the industry still hasn't reversed the trend of multi-billion-dollar losses six months in.
This article is for informational purposes only and does not constitute investment advice.

Author
Mike RobinsonNews feed editor
I'm constantly writing about crypto, Bitcoin, and altcoins. I cover a variety of topics related to the virtual currency market.
Comments (0)
No comments yet — be the first!
Related news

How a Defective Random Number Generator Drained $5M From Wallets

Bitcoin Near $64K — But What Do Chips and the Yen Have to Do With It
