Crypto security incidents climbed roughly 50% in the first half of 2026, even as total losses fell about 60%, according to a mid-year report from blockchain security firm SlowMist.
The firm recorded 182 incidents worth approximately $956 million between January and June. A year earlier, 121 incidents caused around $2.373 billion in losses.
Crypto Attacks Climbed 50% in 2026 While Stolen Sums Shrank
The data points to a split between frequency and severity. More attacks landed, yet the biggest sums concentrated in a handful of high-value targets.
Contract and logic vulnerabilities accounted for the most incidents, with 85 cases. Private key and credential compromise ranked second with 17, followed by supply chain attacks with 12.
By value, the picture changes. Supply chain attacks caused the largest losses, totaling roughly $298 million. One event dominated the total.
The Kelp DAO exploit caused a single loss of nearly $292 million, the largest of the half. Researchers tied the attack to a subgroup of North Korea’s Lazarus Group.
Contract and logic flaws accounted for roughly $152 million. Private key and credential compromises added about $130 million in losses.
Notably, Ethereum (ETH) was the most targeted ecosystem, with about $134 million in related losses.
Follow us on X to get the latest news as it happens
How AI Is Changing the Attacks
SlowMist also highlighted artificial intelligence as a growing threat feature. The firm says AI has lowered the barrier to social engineering and automated attacks. Attackers now use AI across the full attack chain.
In one example, SlowMist CISO warned in April that HexagonalRodent, a Lazarus subgroup, baited developers with fake high-paying job offers and interviews to plant backdoored code.
“Related investigations found that attackers extensively used AI tools such as ChatGPT and Cursor during the attack process to assist in code generation, craft communication content, and optimize social engineering narratives,” the report read.
AI agents themselves also emerged as targets. In a May 2026 case, an attacker first airdropped an NFT that unlocked high-privilege transfers, then sent the chatbot Grok a Morse code message that it decoded into a hidden transfer instruction.
The linked trading agent BankrBot treated that output as trusted and moved about $175,000 on-chain. SlowMist calls this an “AI agent trust chain” attack.
The mixed picture leaves defenders with two problems at once. Attack volume keeps rising, and AI is reshaping how those attacks are built and run.
Subscribe to our YouTube channel to watch leaders and journalists provide expert insights









