NEW YORK, July 08, 2026 (GLOBE NEWSWIRE) -- CertiK recently released the CertiK Hack3D: H1 2026 Report, a data-driven analysis of Web3 security incidents from January through June 2026. Across 344 incidents, the ecosystem lost $1.3 billion, with adjusted net losses of approximately $1.2 billion after frozen and recovered funds. While total losses appear lower than H1 2025, that comparison is almost entirely a function of the $1.45 billion Bybit hack that defined that period. Stripped of that outlier, H1 2026 losses are approximately 28% higher on a comparable basis.
April Defined the Half
The most costly month of H1 2026 was April, which recorded approximately $651 million in losses across 61 incidents, shaped almost entirely by two events. The Kelp DAO RPC compromise ($291 million, April 18) saw attackers exploit a DVN failover mechanism to confirm fabricated transactions and withdraw 116,500 rsETH. The Drift Protocol breach ($285 million, April 1), the largest exploit ever recorded on Solana, was executed through a multi-stage administrative key compromise that enabled the attacker to drain SOL, USDC, and Bitcoin from the protocol's liquidity pools. Together, these two incidents account for nearly 44% of all H1 losses.
Wallet Compromise and Phishing Lead by Losses
Wallet compromise was the most financially destructive attack category, generating $445 million across 33 incidents at an average of over $13 million per event. The concentration of losses in a small number of high-impact events reflects a deliberate attacker focus on key management infrastructure rather than smart contract code.
Phishing was the second most costly vector at $366 million across 63 incidents. Despite a 52.3% decline in incident volume compared to H1 2025, losses fell by only 10.8%, as broad-volume campaigns have given way to precision social engineering attacks. Four such incidents produced approximately 85% of all phishing losses, with a single January event accounting for nearly $285 million alone.
Code Vulnerability Leads by Volume
Code vulnerability was the most prolific attack category with 204 incidents and $152 million in losses. A growing share of these targeted contracts is more than one year old, with monthly incidents in this cohort rising from 7 in October 2025 to 18 in May 2026, suggesting attackers are systematically revisiting legacy codebases well beyond the initial deployment window.
DPRK Remains a Structural Threat
The report includes a dedicated assessment of DPRK-linked threat activity. State-sponsored actors, most notably the Lazarus Group, have consistently escalated operations as each calendar year progresses, with H2 2026 representing a period of heightened concern. The Drift Protocol breach bears characteristics consistent with prior Lazarus Group operations, though formal attribution had not been confirmed at publication.
Full report: https://indd.adobe.com/view/9f1c777d-8d9f-4b14-b417-e4a29ee5359a
Media contact
Elisa Yiting Xu
yiting.xu@certik.com