arrow back

207 hacker attacks in six months: DeFi under pressure

04 Jul 2026

207 hacker attacks and $972 million in losses in H1 2026 hit DeFi and traders. Learn why the risk shifted from code to access.

The crypto market experienced 207 hacker attacks in the first half of 2026, and DeFi projects, traders, and token holders were the first to feel the pressure. Total losses amounted to $972 million, meaning less than $1 billion, but the number of incidents itself was a six-month record in the entire history of observations.

By comparison, there were only 83 attacks in the same period of 2025. The difference is striking. Even more importantly, the second quarter of 2026 set a separate record, with 123 incidents. So this was not just one bad month, but a prolonged wave.

Why are smart contract audits no longer enough?

The simple answer is this: because attackers are not only targeting code. The report shows a shift toward infrastructure attacks, where the goal is not to find a flaw in a contract, but to steal a private key, compromise a signing system, or gain access to corporate infrastructure. These cases accounted for about 15% of all incidents, but caused 76% of all financial losses.

This is bad news for teams that have relied almost entirely on pre-launch audits for years. Audits matter. But they do not protect against phishing, social engineering, or the compromise of internal access. In this sense, the story of 2026 is very similar to the lesson the market already saw after the high-profile breaches of 2025, which we covered in our piece on why audits do not save Web3.

The report also emphasizes that the average incident size is heavily distorted by several large attacks. A typical hack cost victims about $219,000, but the average figure rose above $4.7 million because of several very large exploits. The difference here is enormous. It shows that there were many more small attacks, while the large losses made the overall picture much more painful.

Who took the most money?

According to the report, about $643 million, or 66% of all stolen funds, is linked to groups associated with North Korea. And here too there is a clear figure that explains a lot: almost all of that amount came from two April hacks, Drift Protocol at about $285 million and KelpDAO at about $292 million.

Together, these two attacks accounted for about $577 million. That is almost 30% of all losses in six months from just one KelpDAO exploit, which is called the largest crypto hack of H1 2026. Against this backdrop, it is clear why even with a record number of attacks, total losses did not reach the 2025 peak: there simply was no other single blow of that scale.

The report explicitly says that the gap between the record number of attacks and lower total losses is explained by two separate patterns. One is the surge in incidents. The other is the absence of another Bybit-scale hack, which took nearly $1.5 billion in February 2025.

And there is another important detail for Ukrainian readers. When the market sees numbers like these, it starts to value simple things more quickly, such as multi-step confirmation of large transfers, access control, and proper key storage, rather than just a project’s polished website. That is what separates a live service from tomorrow’s hack headline.

Market reaction

June confirmed that the wave is not fading quickly. According to industry analysts, in June 2026 the crypto market suffered 40 major attacks with total losses of $75.87 million. That is 7.13% less than in May, when losses reached $81.7 million.

The monthly decline in losses looks good only at first glance. The number of attacks remains high, and individual cases are still very painful. Analysts, for example, highlighted Humanity Protocol, where the exploiter moved 15,403 ETH, about $23.6 million, to a new address in Ethereum and then into Bitcoin. According to them, part of the funds mixed with flows from KelpDAO.

  • 207 attacks in H1 2026, a six-month record.

  • $972 million in total losses, meaning less than $1 billion.

  • 83 incidents were recorded in H1 2025, almost 2.5 times fewer.

  • 123 incidents occurred in the second quarter of 2026.

  • $643 million, or 66%, linked to North Korean groups.

  • $75.87 million in losses in June 2026, according to industry analysts.

That is why the market is now reacting not to one big headline, but to the sheer frequency of attacks. If hacks keep coming one after another, even without a giant one-time loss, trust in DeFi projects erodes slowly but steadily.

What does this mean for investors?

For those holding tokens in DeFi, the conclusion is simple: the risk has shifted from code to access. If the main concern used to be a smart contract bug, now private keys, transaction signing, and internal team accounts are no less dangerous. That is why it is recommended to look beyond a single pre-launch audit.

The practical takeaway for investors is also straightforward. When a project talks only about an audit but does not explain how it protects keys, who has the right to make large transfers, and what it does in the event of an incident, that is already a red flag. The story of 2026 shows that even big names are not immune to losses of tens or hundreds of millions of dollars.

One more point. The North Korean trace in 66% of stolen funds means this is not a random one-off threat, but a well-organized and repeatable risk. That means teams should spend money not only on audits, but also on backup schemes, insurance, response plans, and employee oversight, because the biggest damage often comes through people and internal infrastructure.

For ordinary users, this means one simple thing: do not keep everything in one place, check wallet permissions, and do not rush to sign transactions you do not understand.

Frequently asked questions

How many hacker attacks occurred in the crypto market in the first half of 2026?

There were 207 attacks recorded from January to June 2026. This is a record for any six-month period in the entire history of observations.

Why were losses smaller than a year earlier, even though there were more attacks?

Because in 2025 there were several very large hacks, while in 2026 there were none on that scale. Total losses in H1 2026 amounted to $972 million, while in H1 2025 they were $2.3 billion.

Which type of attack is the most dangerous now?

Infrastructure and operational compromises bring in the most money. They accounted for about 15% of incidents, but delivered 76% of all losses.

The main conclusion here, without embellishment, is that DeFi and the broader crypto market are being attacked more often, and money is now more often stolen not because of a code bug, but because of weak access to keys and internal systems. This means that project security in 2026 is measured not by one audit, but by how well the entire operational side is protected. Those who want to quickly sell USDT TRC20 for Monobank can do so without extra steps if they want to convert part of their funds into hryvnia.

This material is not financial advice. Cryptocurrency trading involves significant risks. Part of this text was prepared with the help of artificial intelligence based on public sources and reviewed by our editorial team.