Cryptocurrency
Crypto hacks hit a record count but the biggest threat isn’t smart contracts – Crypto News
Crypto hack counts just set a record. The warning in TRM Labs’ latest data is where the money is actually being lost.
In its H1 2026 crypto hack review, TRM Labs said attackers carried out 207 separate hacks in the first half of the year, the most the firm has recorded in any six-month period.
Yet total losses fell to $972 million, less than half the $2.3 billion stolen during the first half of 2025.
That split changes the security story. More protocols, tokens, and decentralized applications are being hit, but the losses that still define the year are concentrated in operational systems: keys, custody, signing infrastructure, approval flows, and other controls around the code rather than the code alone.
For DeFi teams, smart-contract audits remain necessary because smart-contract exploits accounted for most incidents. The losses that can erase hundreds of millions of dollars increasingly come from systems that decide who can move funds, how signatures are approved, and how infrastructure around a protocol is trusted.
More incidents, smaller typical losses
TRM said the number of hacks more than doubled from 83 incidents in H1 2025 to 207 in H1 2026. Q2 alone produced 123 incidents, after a record-setting first quarter.
Most of that increase came from smart-contract exploits, which accounted for 125 of the 207 incidents.
The typical loss, however, was much smaller than the headline total suggests. TRM put the median hack at about $219,000, while the mean was $4.7 million.
That gap shows how a few very large incidents can dominate aggregate losses, even as the day-to-day threat environment becomes more crowded with smaller exploit attempts.
The result is a split security picture. On the one hand, DeFi is still dealing with code-level vulnerabilities, complex protocol logic, and multi-step manipulations that lead to frequent losses.
On the other hand, the largest damage is coming from failures in the systems that hold or authorize control of funds.
TRM said infrastructure and operational compromises accounted for only about 15% of incidents in H1 2026 but roughly 76% of stolen value.
That ratio turns the report from a hack-count story into a security-priority story.
If a protocol treats audits as the whole security program, it is defending only part of the risk. An attacker can skip the core contract by compromising a signer, manipulating a bridge validation path, poisoning an operational dependency, or obtaining approval for a malicious transfer.
The clearest example is the concentration of North Korea-linked activity. TRM assesses that about $643 million, or roughly 66% of all funds stolen in H1 2026, was attributable to North Korea-linked activity.
That figure was down from about $1.7 billion in the first half of 2025, but it still made North Korea-linked actors the largest source of stolen value in the period.
Nearly all of that H1 2026 total came from two April operations involving Drift Protocol and KelpDAO. TRM put the Drift loss at roughly $285 million and KelpDAO at roughly $292 million, for a combined total near $577 million.
Those incidents reflected the same broader pattern: attackers targeted the infrastructure and human layers around DeFi systems rather than simply hammering at core smart contracts.
That distinction matters because North Korea-linked operations are more than another exploit category. They combine technical intrusion, social engineering, operational patience, laundering infrastructure, and state-directed financial goals.
A single successful operation can outweigh months of smaller non-state exploits.
TRM’s warning is that the lower dollar total in H1 2026 reflects the absence of another theft on the scale of 2025’s largest attacks, not a reduction in attacker capability.
In other words, the aggregate number fell because the biggest outlier was smaller, while the class of risk that creates outliers remains unresolved.
That makes the next large loss less likely to look like a simple bug report. It is more likely to expose a weak approval process, a compromised private key, a signer that could be socially engineered, a vendor or infrastructure dependency that was trusted too broadly, or a response plan that moved too slowly once funds began crossing chains.
Audits need an operational layer
Smart-contract work remains important, but it needs controls around the systems that move funds. TRM says code exploits remain the most common incident type, and DeFi protocols still need audits, formal review, monitoring, and incentives for disclosure.
The change is that audits cannot be the ceiling of the security program.
The controls that matter most for catastrophic loss sit around asset movement. TRM specifically pointed to key management, signing infrastructure, approval workflows, and custody as areas requiring greater attention.
Those are operational disciplines as much as technical ones.
A hardened protocol now needs to know who can initiate large transfers, who can approve them, which devices and repositories can touch signing paths, how governance changes are delayed or challenged, and what happens if a trusted operator, contributor, or vendor account is compromised.
A static audit report cannot answer those questions after the operational environment changes.
That is why recent CryptoSlate security coverage has kept returning to the same theme: operational security, signing practices, governance, bridge validation, and infrastructure controls are becoming part of the industry’s policy-facing defense posture.
A separate CryptoSlate analysis warned that DeFi’s older exploit patterns may be fading, but newer risks can travel across chains and infrastructure layers when protocols reuse systems or trust assumptions too broadly.
For security teams, the next budget discussion should therefore cover more than another audit cycle.
It should include hardware-backed signing, multi-party approval for large transfers, limits on privileged access, monitored developer devices, stronger vendor review, tested incident-response playbooks, and treasury planning for a worst-case infrastructure compromise rather than an average exploit.
The same shift affects exchanges, custodians, and financial institutions that may never be the initial target. TRM said stolen assets often move through cross-chain bridges and no-KYC swap services before reaching exchanges.
That makes first-hop screening inadequate when attackers can quickly move value across chains and services.
Multi-hop transaction monitoring, faster wallet intelligence sharing, and coordination between protocols, exchanges, stablecoin issuers, analytics firms, and law enforcement become part of the security stack.
TRM pointed to information-sharing networks as one answer because response time can determine whether stolen funds are frozen, traced, or laundered beyond easy recovery.
For protocols, this creates a second operational burden. The security plan has to assume that prevention can fail.
It must define who can pause systems, who can contact counterparties, how attacker addresses are distributed, and which transfer paths are watched in the first minutes after detection.
That is the real meaning of TRM’s H1 2026 data. Crypto experienced more hacks and fewer losses, but it also exposed a split between the growing volume of smaller smart-contract incidents and the concentrated operational compromises that still set the industry’s loss profile.
The next test is whether DeFi teams and custodians treat that split as a reason to rebalance security priorities.
If the largest losses continue to stem from compromised keys, signing workflows, custody systems, and infrastructure dependencies, catastrophic risk will fall only when the movement of funds becomes harder to compromise, slower to abuse, and easier to interrupt once an attacker is inside.
-
Blockchain1 week agoBitcoin Rebounds Off Yearly Lows But US Stocks Flash Warning Sign – Crypto News
-
De-fi1 week agoAave’s Kulechov Disputes Report, Says Firm Won’t Sell AAVE at ‘70%’ Discount – Crypto News
-
Metaverse1 week agoCan AI replace lawyers? An ₹8.8 lakh defeat for humans suggests it’s already happening – Crypto News
-
De-fi1 week agoPolymarket Confirms $3 Million Loss From Third-Party Front-End Supply-Chain Breach – Crypto News
-
Technology6 days agoWill iPhone 17 Pro Max cost nearly ₹2 lakh in India? Leak suggests so – Crypto News
-
Business1 week ago
UBS, $165B Banking Giant, Tests Ethereum Infra With Nethermind – Crypto News
-
Technology1 week ago
Cathie Wood’s ARK Invest Buys The Dip In Coinbase, Robinhood, Circle Stocks – Crypto News
-
Business1 week ago
Cathie Wood’s ARK Invest Buys The Dip In Coinbase, Robinhood, Circle Stocks – Crypto News
-
Technology1 week ago
Cathie Wood’s ARK Invest Buys The Dip In Coinbase, Robinhood, Circle Stocks – Crypto News
-
Technology1 week ago
Cathie Wood’s ARK Invest Buys The Dip In Coinbase, Robinhood, Circle Stocks – Crypto News
-
De-fi1 week agoPolymarket Confirms $3 Million Loss From Third-Party Front-End Supply-Chain Breach – Crypto News
-
Blockchain1 week agoEU Lawmakers Back Review of DeFi, Staking and NFT Regulation – Crypto News
-
Business1 week ago
Solana Price Prediction as Open Interest Soars: Will Bulls Reclaim $80k Soon? – Crypto News
-
Blockchain1 week agoCoinbase, Circle Deepen Crypto Stock Losses Despite Resilient S&P 500 – Crypto News
-
Business7 days ago
Crypto Market Analysis: Why Bitcoin, Stocks, and Gold Could Face Heavy Volatility on Monday – Crypto News
-
others1 week ago
Breaking: Ripple Promotes CLARITY Act With Latest “On The Road” Campaign – Crypto News
-
others1 week ago
Breaking: Ripple Promotes CLARITY Act With Latest “On The Road” Campaign – Crypto News
-
others1 week ago
Morgan Stanley Predicts Fed To Hold Rates This Year Despite Rate Hike Bets – Crypto News
-
De-fi1 week agoRipple Launches RLUSD in Japan via SBI as Circle and Nomura Join Stablecoin Race – Crypto News
-
Cryptocurrency1 week agoBinance will be cut off from Europe on July 1 – Crypto News
-
others1 week agoWells Fargo Employee Drains $655,000 From Bank’s Vaults and ATMs, Manipulates Monthly Audits To Cover Tracks: DOJ – Crypto News
-
Blockchain1 week agoEU Lawmakers Back Review of DeFi, Staking and NFT Regulation – Crypto News
-
Business1 week ago
XRP Price Outlook as Ripple CEO Backs Bitcoin Rally – Crypto News
-
others5 days agoMichael Saylor’s Strategy Boosts US Dollar Reserves, Unveils ‘Bitcoin Monetization Program’ – Crypto News
-
others3 days ago
CoinGape Announces Winners of the Web3 Innovation Awards 2026 – Crypto News
-
others1 week ago
Strategy Director Sells More Stake As MSTR Stock Price Hits Record Low At $85 – Crypto News
-
Business1 week ago
How Japan’s Public Companies Are Quietly Becoming Digital Asset Treasury Giants – Crypto News
-
Cryptocurrency1 week agoUS crypto perps are live but Bitcoin may be the only market many traders can actually use – Crypto News
-
others1 week ago
Galaxy Digital Lowers CLARITY Act Approval Odds To 50% As Senate Timeline Tightens – Crypto News
-
others1 week agoToss Brings 30 Million Users Into the AI Data Economy in Partnership With Poseidon – Crypto News
-
Cryptocurrency1 week agoFed stress tests reveal whether banks can survive a 10% unemployment shock – Crypto News
-
Cryptocurrency1 week agoFed stress tests reveal whether banks can survive a 10% unemployment shock – Crypto News
-
Business6 days ago
SpaceX Stock in Focus as Citadel Securities Flags Major AI Risk – Crypto News
-
others6 days ago
Ripple Is “Planting Seeds” For Global XRP Adoption After CLARITY Act, Says Expert – Crypto News
-
others3 days ago
CoinGape Announces Winners of the Web3 Innovation Awards 2026 – Crypto News
-
others1 week agoSolstice and Tensorx to Buy $1 Billion in AI Infrastructure to Support EU Sovereign AI Demand – Crypto News
-
Cryptocurrency1 week agoStablecoins are becoming a central bank problem hiding in T-bill markets – Crypto News
-
others1 week ago
Why are These Crypto Coins Rallying Today? Myro, BEAT, Aster, and AAVE – Crypto News
-
Cryptocurrency1 week agoOutdated bank rules may keep crypto outside the banks now allowed to hold it – Crypto News
-
others1 week agoToss Brings 30 Million Users Into the AI Data Economy in Partnership With Poseidon – Crypto News
-
Blockchain1 week agoTether Briefly Overtakes Ethereum As Stablecoin Market Cap Tops ETH During Sell-Off – Crypto News
-
Cryptocurrency1 week agoMichael Saylor’s Bitcoin machine hits $8 billion cash wall as STRC crashes 25% below par – Crypto News
-
others1 week ago
Polymarket Faces Broad CFTC Probe Amid Fake Bets Allegations – Crypto News
-
Cryptocurrency1 week agoEthereum’s oldest wallets are selling into the $1,500 demand line buyers cannot dodge – Crypto News
-
Cryptocurrency1 week agoBitcoin’s broken production cost floor is splitting miners into survivors and sellers – Crypto News
-
De-fi7 days agoTokenized Asset Value Stalls Even as Stock Token Holders Surge – Crypto News
-
others7 days ago
XRP ETFs vs Bitcoin & Ethereum ETFs: Who’s Winning the Race? – Crypto News
-
Technology7 days agoFlipkart GOAT Sale: iPhone 17 gets ₹12,000 discount, Pro models cheaper by up to ₹22,000 – Crypto News
-
Cryptocurrency7 days agoXRP investors capitulate at fastest pace since the 2022 crypto crash amid slide to $1 – Crypto News
-
Technology7 days agoGoogle limits Meta’s use of its Gemini AI models: Report – Crypto News




