Forbes Says Crypto Hack Losses Hit $1.32 Billion in First Half, With Wallet Breaches the Biggest Threat
Summary
- Forbes reported that crypto hack losses in the first half reached $1,315,676,432, up about 28% from a year earlier excluding a major incident from the same period last year.
- About 44% of losses came from Kelp DAO and Drift Protocol, with the report attributing them to operational and infrastructure security failures rather than smart-contract vulnerabilities.
- Losses from wallet breaches topped $444 million in the first half, while phishing and AI agents emerged as new risk factors, underscoring that security audits alone are no longer sufficient.
Forecast Trend Report by Period



Cryptocurrency hack losses exceeded $1.3 billion in the first half of 2026. While the total was lower than a year earlier on the surface, security threats were actually worse once a single outsized incident from last year is excluded.
Forbes reported on July 17, citing Web3 security firm CertiK’s Hack3D report, that 344 on-chain security incidents in the first half resulted in total losses of $1,315,676,432.
That was down 46.8% from a year earlier. However, most of last year’s losses stemmed from Bybit’s $1.45 billion hack in February 2025. Excluding that incident, last year’s total drops to about $1.03 billion. On that basis, first-half losses this year were actually up about 28%.
“A surface-level reading that losses fell by nearly 50% could create the impression that the ecosystem has become meaningfully safer,” CertiK said. “The data does not support that conclusion.”
About 44% of first-half losses came from two incidents involving Kelp DAO and Drift Protocol. Kelp DAO lost $291.3 million and Drift Protocol lost $285.3 million. In both cases, the cause was identified as failures in operational and infrastructure security rather than smart-contract code flaws.
“What stood out most in the first half was the nature of the losses,” CertiK co-founder and Chief Executive Officer Ronghui Gu said. Both incidents were caused by failures in operational and infrastructure security, not traditional smart-contract code vulnerabilities.
Wallet compromises were the most damaging attack type. CertiK said losses from wallet breaches exceeded $444 million in the first half, and the average loss per incident was the highest at more than $13 million.
Attackers are getting better returns by targeting key management, multisig governance and operational infrastructure than by looking for code bugs, Gu said.
Phishing attacks are also becoming more concentrated and targeted. The number of incidents fell to 63 from 132, but just four social-engineering attacks accounted for $310 million in losses. That represented about 85% of all phishing-related losses.
AI agents are emerging as a new risk factor. Gu said AI agents with wallet access are a new type of privileged key holder and may fail to filter malicious inputs if they are not properly secured.
Forbes said security audits alone are no longer enough. Even if a protocol passes a flawless code audit, it can still lose millions of dollars if an admin key is compromised, Gu said.
Minseung Kang
minriver@bloomingbit.ioBlockchain journalist | Writer of Trade Now & Altcoin Now, must-read content for investors.