Half-Year Hack Tally Hits 182, But The Footprint Got Lighter 🪶
Back to feed

Half-Year Hack Tally Hits 182, But The Footprint Got Lighter 🪶

Crypto security incidents rose roughly 50% in the first half of 2026 even as total losses dropped about 60%, according to a mid-year report from blockchain security firm SlowMist. The firm recorded 182 incidents valued at approximately $956 million between January and June, compared with 121 incidents causing around $2.373 billion in losses during the same period a year earlier. The data points to a split between frequency and severity: attacks landed more often, yet the largest sums concentrated in a handful of high-value targets.

Contract and logic vulnerabilities led the count with 85 cases. Private key and credential compromise ranked second with 17, followed by supply chain attacks with 12. By value, the picture shifts. Supply chain attacks produced the heaviest losses at roughly $298 million, driven largely by a single event. The Kelp DAO exploit caused a loss of nearly $292 million, the largest of the half, and SlowMist researchers tied the attack to a subgroup of North Korea's Lazarus Group. Contract and logic flaws added roughly $152 million, while private key and credential compromises accounted for about $130 million in losses. Ethereum ($ETH) was the most targeted ecosystem, with about $134 million in related losses.

SlowMist also flagged artificial intelligence as a growing feature of these incidents, saying AI has lowered the barrier to social engineering and automated attacks across the full attack chain. The report cited the April warning from SlowMist's CISO that HexagonalRodent, a Lazarus subgroup, baited developers with fake high-paying job offers and interviews to plant backdoored code. "Related investigations found that attackers extensively used AI tools such as ChatGPT and Cursor during the attack process to assist in code generation, craft communication content, and optimize social engineering narratives," the report stated.

AI agents themselves emerged as targets in a separate May 2026 case, in which an attacker first airdropped an NFT unlocking high-privilege transfers, then sent the chatbot Grok a Morse code message that the model decoded into a hidden transfer instruction. The linked trading agent BankrBot treated that output as trusted and moved about $175,000 on-chain. SlowMist described this pattern as an "AI agent trust chain" attack, highlighting how defenders now contend with rising attack volume and AI-shaped offensive methods at the same time.

Mentioned Coins

$ETH
Share:
Publishercryptonewsroom.xyz
Published—
CategorySecurity

Disclaimer: This content is for information and entertainment purposes only. It does not constitute financial, investment, legal, or tax advice. Always do your own research and consult with qualified professionals before making any financial decisions.

See our Terms of Service, Privacy Policy, and Editorial Policy.