
207 crypto hacks in H1 2026 set a record, but total losses fell to $972M — less than half of the $2.3B stolen in H1 2025. North Korea-linked attacks drove 66% of losses.
Crypto hacks reached a new record during the first half of 2026, even as total losses declined sharply from a year earlier. Attackers carried out 207 separate incidents and stole $972 million during the six-month period, TRM Labs reported.
The number of incidents more than doubled compared with the same period in 2025. The data shows that smaller exploits now occur more frequently while a few major breaches still drive most financial damage.
TRM Labs tracked 207 incidents, up from 83 cases during the first half of last year. The increase continued throughout the year instead of emerging from a single event. The firm recorded 123 incidents during the second quarter alone.
Smart contract exploits accounted for 125 of the 207 incidents. These attacks targeted decentralized finance protocols, decentralized exchanges, and token projects. According to TRM Labs, attackers increasingly combined several code manipulations into one exploit. The firm said this trend contributed to the steady rise in incident numbers.
Despite the increase, financial losses remained well below 2025 levels. Total stolen funds reached $972 million compared with $2.3 billion during the first half of last year. TRM Labs said the median loss from a hack stood near $219,000. Thousands of DeFi applications and smart contracts continue to create new opportunities for attackers.
Two distinct patterns explain the divergence. Infrastructure compromises made up roughly 15% of incidents but generated around 76% of total losses. TRM Labs said these breaches targeted signing systems, credentials, and asset control infrastructure rather than vulnerabilities in on-chain code. Smart contract exploits made up most incidents but contributed a much smaller share of stolen funds.
North Korea-linked activity dominated the loss side. TRM Labs attributed about $643 million of stolen funds to North Korea-linked activity, roughly 66% of all losses recorded during H1 2026. Nearly all of those losses came from two April attacks. The breaches targeted Drift Protocol and KelpDAO and resulted in combined losses of about $577 million. The Drift Protocol incident accounted for approximately $285 million in losses. The KelpDAO exploit added another $292 million, according to TRM Labs.
The report also identified other attack types during the period. One physical coercion incident, commonly called a wrench attack, resulted in losses of around $24 million.
TRM Labs said organizations should continue auditing smart contracts while strengthening key management systems and transfer approval procedures. The firm also noted that major infrastructure compromises continue to define annual crypto theft totals even when smaller exploits occur more frequently.
Prepared with AlphaScala research tooling and grounded in primary market data: live prices, fundamentals, SEC filings, hedge-fund holdings, and insider activity. Each story is checked against AlphaScala publishing rules before release. Educational coverage, not personalized advice.