商业通讯
请输入关键词
  • 首页
  • 资讯
  • 科技
  • 财商
  • 汽车
  • 家电
  • 生活
 > 资讯

CertiK Hack3D: H1 2026 Report Reveals Over $1.31 Billion Lost to Web3 Security Incidents in the Firs

发布于:2026-07-09 09:01:08 来源:CertiK

NEW YORK, July 08, 2026 (GLOBE NEWSWIRE) -- CertiK recently released the CertiK Hack3D: H1 2026 Report, a data-driven analysis of Web3 security incidents from January through June 2026. Across 344 incidents, the ecosystem lost $1.3 billion, with adjusted net losses of approximately $1.2 billion after frozen and recovered funds. While total losses appear lower than H1 2025, that comparison is almost entirely a function of the $1.45 billion Bybit hack that defined that period. Stripped of that outlier, H1 2026 losses are approximately 28% higher on a comparable basis.

April Defined the Half

The most costly month of H1 2026 was April, which recorded approximately $651 million in losses across 61 incidents, shaped almost entirely by two events. The Kelp DAO RPC compromise ($291 million, April 18) saw attackers exploit a DVN failover mechanism to confirm fabricated transactions and withdraw 116,500 rsETH. The Drift Protocol breach ($285 million, April 1), the largest exploit ever recorded on Solana, was executed through a multi-stage administrative key compromise that enabled the attacker to drain SOL, USDC, and Bitcoin from the protocol's liquidity pools. Together, these two incidents account for nearly 44% of all H1 losses.

Wallet Compromise and Phishing Lead by Losses

Wallet compromise was the most financially destructive attack category, generating $445 million across 33 incidents at an average of over $13 million per event. The concentration of losses in a small number of high-impact events reflects a deliberate attacker focus on key management infrastructure rather than smart contract code.

Phishing was the second most costly vector at $366 million across 63 incidents. Despite a 52.3% decline in incident volume compared to H1 2025, losses fell by only 10.8%, as broad-volume campaigns have given way to precision social engineering attacks. Four such incidents produced approximately 85% of all phishing losses, with a single January event accounting for nearly $285 million alone.

Code Vulnerability Leads by Volume

Code vulnerability was the most prolific attack category with 204 incidents and $152 million in losses. A growing share of these targeted contracts is more than one year old, with monthly incidents in this cohort rising from 7 in October 2025 to 18 in May 2026, suggesting attackers are systematically revisiting legacy codebases well beyond the initial deployment window.

DPRK Remains a Structural Threat

The report includes a dedicated assessment of DPRK-linked threat activity. State-sponsored actors, most notably the Lazarus Group, have consistently escalated operations as each calendar year progresses, with H2 2026 representing a period of heightened concern. The Drift Protocol breach bears characteristics consistent with prior Lazarus Group operations, though formal attribution had not been confirmed at publication.

Full report: https://indd.adobe.com/view/9f1c777d-8d9f-4b14-b417-e4a29ee5359a

Media contact
Elisa Yiting Xu
yiting.xu@certik.com

上一篇:Bitget Wallet 用户数达 1 亿,支付用户数首次超过交易用户数

下一篇:

热门文章

  • 光影致敬实业奋斗者——《有你真好1》观影暨《再创新辉煌》有奖征文活动启事

    2026-06-30
  • 萤石智能锁618高端市场斩获多项第一,技术升级驱动品牌逆势突围

    2026-07-08
  • L'ATELIER DE JOËL ROBUCHON HONG KONG 延续十八载辉煌传奇 今夏载誉回归置地廣塲

    2025-05-05
  • 2025年TOURISE大奖揭晓:东京、纽约、安卡什与巴黎荣获首届殊荣

    2025-11-14
  • 从“眼巴巴”到“手飒飒”,5年59次打破国外技术垄断——国家管网集团北京管道有限公司“红色劲旅自主维保突击队”攻坚实录

    2025-05-26
  • 2025年度全国会计专业技术中级资格考试 (甘肃考区)报名公告

    2025-06-10

本站部分文字及图片均来自于网络,如有侵权请及时联系删除处理

Copyright ©2023-2024 商业通讯.Powered by © hubeizhichuang.com