Crypto Hack Statistics in 2026: The Newest Information and Trade Insights

Crypto hacks have grow to be a significant, ongoing drawback for the business. What as soon as felt like occasional incidents now occurs yearly, with losses reaching billions of {dollars} throughout exchanges, DeFi platforms, and Web3 tasks.

This development is seen throughout yearly losses, main exploits, and the methods attackers function. This text explores the important thing crypto-hack statistics shaping 2026, overlaying annual tendencies, main incidents, assault strategies, and the patterns driving these losses.

The Scale of the Drawback

12 months-over-12 months at a Look

• Crypto theft reached $3.4 billion in 2025, the very best annual whole on report, with the highest 3 hacks alone producing 69% of all service losses for the yr.
• In 2025, the most important single hack was greater than 1,000x the median incident measurement for the primary time in crypto historical past.
• As of early 2026, the ten largest crypto alternate hacks have collectively stolen over $4.3 billion, with particular person assault sizes rising from simply $8.75 million in 2011 to $1.5 billion in 2025. 
• DefiLlama’s cumulative tracker places whole crypto hack losses at over $16.5 billion all-time, with DeFi-specific losses close to $7.7 billion and bridge exploits alone accounting for $2.9 billion. 

2026 Working Complete

• By the top of April 2026, cumulative losses had reached $771.8 million throughout 47 incidents in simply 4 and a half months, with April’s injury alone coming in at 3.7x your entire Q1 whole. 
• April 2026 set a report as the one worst month in crypto historical past, with $629.69 million drained throughout the business, of which $614.17 million got here from DeFi protocols alone. 
• DeFi logged 47 incidents within the first 4.5 months of 2026 versus 28 over the identical window in 2025, a 68% year-over-year improve. 
• The 2 Lazarus-linked assaults in April 2026 alone brought about 95% of the month’s whole injury, triggering a mass exit from DeFi. Within the 48 hours following the exploits, greater than $8.4 billion fled Aave, and whole DeFi TVL shed over $13 billion. 

Q1 2026 in Element

Overview

• Q1 2026 recorded not less than $168 million stolen throughout 34 confirmed incidents above $1M, earlier than the huge April exploits pushed the annual whole far greater.
• Counting all Web3 safety incidents, together with infrastructure breaches, Q1 2026 losses exceeded $450 million throughout 145 incidents spanning greater than 10 blockchains.
• Sensible contract exploit losses particularly dropped roughly 89% year-over-year in Q1 2026, as attackers pivoted to social engineering and infrastructure-level assaults.

Month by Month

• January 2026 was the worst single month of Q1, with $340 million misplaced when counting all incidents, almost 80% of which got here from one social engineering assault alone. Counting solely confirmed protocol exploits above $1M, January totaled roughly $86 million throughout 16 hacks. 
• In January 2026, DeFi protocols have been accountable for roughly 78% of whole hack losses, with 6 main protocol incidents draining roughly $42 million mixed. 
• February 2026 was the quietest month of Q1 at roughly $10 to $26.5 million in losses, relying on scope, a 98.2% year-over-year decline closely distorted by the $1.5 billion Bybit outlier in February 2025. 
• March 2026 noticed hack exercise rebound with roughly $25 to $52 million stolen, a 96% surge from February’s confirmed figures. 

Q1 2026 Assault Vectors

• Social engineering and phishing have been the one most damaging class in Q1 2026, accountable for $290 million in losses, greater than all different assault varieties mixed. Regardless of accounting for less than 10% of incidents by rely, the greenback injury was outsized on account of one single $282 million assault.
• Flash mortgage and worth manipulation assaults have been essentially the most frequent exploit sort at 22% of all Q1 2026 incidents, showing in not less than 10 separate instances. 
• Contract vulnerabilities have been the second commonest assault sort at 20% of incidents.
• Entry management failures accounted for 18% of incidents however drove among the largest losses, together with the $40 million Step Finance breach and the $25 million Resolv Labs exploit.
• Oracle manipulation represented 15% of incidents, affecting not less than 5 main protocols in Q1 2026 alone, together with Aave V3, Venus Protocol, Moonwell, Mix Protocol, and Valinity. 
• Rugpulls made up 5% of incidents, a persistent however smaller share as attackers shifted focus towards larger-scale social engineering and treasury exploits.

January 2026 Incidents

• In January 2026, a single social engineering assault drained $282 million, one of many largest phishing-driven exploits in Web3 historical past.
• Even excluding that outlier, January nonetheless recorded over $60 million in losses, led by a $40 million breach at Step Finance on Solana attributable to entry management and provide chain failures.
• In January 2026, a Truebit good contract coding error value customers roughly $26.2 million, a Saga bridge incident added one other $7 million, and Makina’s flash mortgage assault resulted in roughly $4.13 million stolen.
• Additionally in January 2026, signature-phishing drained roughly $6.3 million from consumer wallets, a 207% month-over-month leap, with two victims accounting for almost 65% of these losses. 

February 2026 Incidents

• In February 2026, Mix Protocol misplaced $10 million to oracle manipulation on Stellar, and the IoTeX bridge on Ethereum was drained of $4.4 to $8 million by means of non-public key leakage and entry management failures. 
• The IoTeX breach in February 2026 mirrored a recurring sample the place bridge infrastructure stays extremely uncovered to key compromise as soon as administrative entry is misplaced.
• The Moonwell exploit on Base in February 2026, which resulted in roughly $1.7 million in losses, demonstrated that governance mechanisms are actually getting used as a direct assault floor, combining oracle and governance vectors in a single operation.

March 2026 Incidents

• March 2026 was headlined by the $25 million Resolv Labs exploit on Ethereum, triggered by entry management failures and enter validation gaps.
• Oracle reliability remained a systemic drawback in March 2026, with Aave V3 ($1 million), Venus Protocol ($2 to $5 million), and Resolv Labs all struggling losses tied to manipulable worth feeds. 

The Greatest Hacks of 2025 and 2026

Bybit

• • On February 21, 2025, Dubai-based Bybit suffered the most important single crypto theft in historical past, dropping 400,000 ETH value $1.4 billion inside minutes after attackers exploited a personal key vulnerability in its scorching pockets system. 

• • • By February 26, 2025, the US FBI formally attributed the breach to Lazarus Group and TraderTraitor, who used malware-laden buying and selling purposes to infiltrate techniques.

Phemex

• • • In January 2025, Phemex misplaced over $85 million in a scorching pockets breach spanning 16 blockchains, making it some of the geographically dispersed alternate hacks of the yr.

Coinbase 

• • • Coinbase’s 2025 insider-assisted information breach uncovered private data of almost 70,000 prospects, with projected whole prices estimated between $180 million and $400 million.
    • In 2025, attackers demanded a $20 million ransom after bribing abroad help brokers, which Coinbase refused, as an alternative providing that very same quantity as a reward for data resulting in the criminals’ identification.

BtcTurk 

• • • In August 2025, Turkish alternate BtcTurk suffered its second main hack in simply over a yr, dropping roughly $48 million from scorching wallets throughout seven blockchains. The prior 2024 breach had already value the alternate $55 million, highlighting persistent key administration failures.

Nobitex 

• • • In June 2025, hacking group Predatory Sparrow siphoned over $90 million from Iran’s largest crypto alternate Nobitex, with funds despatched to “self-importance” pockets addresses with no identified non-public keys, successfully destroying them completely.

Drift Protocol 

• • • On April 1, 2026, Solana-based Drift Protocol had roughly $270 to $285 million drained from its vaults, wiping out over 50% of its TVL inside hours.
    • Safety agency TRM Labs attributed the assault to UNC4736, a North Korean state-sponsored group that ran a six-month social engineering marketing campaign since fall 2025, with operatives depositing over $1 million of their very own capital into Drift to construct credibility.
    • As soon as inside, attackers whitelisted a nugatory token (CVT) as collateral, artificially inflated its worth by way of manipulated oracles, deposited 500 million CVT, and drained $285 million in USDC, SOL, and ETH in simply 12 minutes.
    • Inside an hour of the April 1, 2026 exploit, Drift’s TVL collapsed from $550 million to beneath $300 million. The DRIFT token plunged over 40% within the fast aftermath.

KelpDAO and the Aave Fallout 

• • • On April 18, 2026, the attacker cast a cross-chain message to deceive LayerZero’s messaging layer, inflicting Kelp’s bridge to launch 116,500 rsETH (roughly 18% of the token’s whole circulating provide) to an attacker-controlled deal with value roughly $292 million. 
    • The breach was made potential as a result of KelpDAO’s bridge relied on a single-DVN setup, requiring just one verifier to approve a cross-chain message, a single level of failure.
    • As a result of the drained bridge held reserves backing wrapped rsETH throughout greater than 20 blockchains, each downstream protocol accepting rsETH as collateral was immediately uncovered.
    • Kelp’s emergency multisig paused contracts solely 46 minutes after the drain started, by which level the $292 million was already gone. Arbitrum’s Safety Council later froze $71 million of linked property on the behest of regulation enforcement. 
    • Following the theft, the stolen ETH was routed by means of Twister Money inside hours of the April 18 exploit, roughly $175 million in ETH was then moved by means of THORChain and transformed to Bitcoin with no operator intervention.
    • The KelpDAO exploit in April 18, 2026 triggered a financial institution run on Aave, with the platform’s insurance coverage fund holding simply $80 to $100 million towards almost $200 million in potential losses. Stablecoin lenders pulled $5 billion from Aave in a preemptive exit, driving DeFi stablecoin rates of interest to spike to roughly 10%.
    • As of April 23, 2026, an estimated $100 to $120 million in losses remained unresolved after the Aave insurance coverage fund was absolutely depleted. The AAVE token dropped 19% through the disaster, whereas demand for ETH, USDT, and USDC hit 100% utilization, blocking depositors from withdrawing funds.
    • When the KelpDAO bridge broke in April 2026, Aave misplaced $6 billion in TVL from consumer withdrawals, although Aave’s personal contracts have been by no means touched.

CoW Swap (April 14, 2026)

• • • On April 14, 2026, CoW Swap suffered a front-end DNS assault that briefly halted providers, tricking customers into approving malicious transfers whereas additionally trying pockets draining, seed phrase assortment, and password theft.
    • A autopsy launched on April 16, 2026, estimated roughly $1.2 million in consumer losses. CoW DAO later arrange a grants program to reimburse affected customers.

How Attackers Are Evolving

North Korea and the Lazarus Group

• • • In accordance with a TRM Labs report printed April 30, 2026, North Korean state-linked hackers accounted for 76% of all cryptocurrency stolen globally in 2026 by means of simply two assaults totaling $577 million, whereas representing solely 3% of whole hack incidents by rely.
    • North Korea-linked hackers stole not less than $2.02 billion in 2025, a 51% improve from 2024, with centralized exchanges as the first goal.
    • North Korea’s cumulative crypto theft since 2017 has now surpassed $6 billion. North Korean state-linked teams have been tied to not less than 3 of the highest 10 largest alternate hacks in historical past.
    • THORChain served as the first laundering route for each the 2025 Bybit breach and the 2026 KelpDAO hack, processing tons of of tens of millions in stolen ETH with no mechanism to reject transfers.
    • In a March 2024 report, A UN panel of consultants estimated that illicit cyber exercise funds roughly 40% of North Korea’s weapons growth packages.

The Shift from Code to Human Targets

• • • In 2025, off-chain assault vectors, together with compromised credentials, social engineering, and provide chain manipulation, drove 76% of whole hack losses ($2.2 billion), marking a basic shift away from code-based exploits towards human focusing on.
    • Non-public key compromises accounted for 88% of stolen funds in Q1 2025, a development that carried into 2026. 
    • Impersonation scams surged 1,400% year-over-year in 2025, making social engineering one of many fastest-growing crypto risk vectors.
    • The Drift hack operation started as early as fall 2025, roughly 5 months earlier than any funds moved, with DPRK operatives utilizing third-party intermediaries who might themselves have been unaware they have been working for the North Korean state.
    • In a January 2026 interview, Immunefi CEO Mitchell Amador famous that over 90% of tasks nonetheless carry important exploitable vulnerabilities, fewer than 1% use firewall instruments, and beneath 10% deploy AI-based detection techniques. 

Bridge Infrastructure as a Structural Weak point

• • • Since 2022, cross-chain bridges have accrued over $2.9 billion in cumulative losses, representing roughly 40% of all worth hacked in Web3.
    • Bridge TVL reached $21.94 billion as of March 2026, making bridge infrastructure one of many highest-value targets in crypto.
    • Cross-chain bridge exploits resulted in additional than $1.5 billion stolen by mid-2025. 
    • The April 2026 occasions uncovered three structural vulnerabilities in DeFi lending: dependence on poorly verified third-party collateral information, chronically underfunded insurance coverage reserves, and the function of crypto mixers in enabling criminals to launder stolen funds undetected. 

Pockets and Phishing Threats

• • • Private pockets compromises reached 158,000 incidents in 2025, affecting not less than 80,000 distinctive victims, with whole particular person losses hitting $713 million, down 52% from $1.5 billion in 2024.
    • Phishing and address-poisoning assaults brought about roughly $83.8 million in wallet-related losses throughout as much as 17 million affected addresses in 2025.
    • In January 2026, signature-phishing drained roughly $6.3 million from consumer wallets, a 207% month-over-month leap, with two victims accounting for almost 65% of these losses.
    • In 2025, ransomware assaults focusing on crypto holders rose 75% to 72 incidents, with losses reaching $40.9 million.

Frequent Vulnerabilities Throughout the Trade

• • • In 2025, entry management vulnerabilities drove roughly 59% of DeFi losses, totaling over $1.6 billion, whereas good contract flaws brought about 67% of DeFi losses, with unverified contracts accountable for over $630 million.
    • In H1 2025, DeFi safety breaches exceeded $3.1 billion, already surpassing the full-year 2024 whole of $2.85 billion.
    • In accordance with Coinlaw 2026, an absence of normal auditing left 52% of DeFi protocols struggling not less than one breach inside their first yr of operation.
    • In 2025, outdated two-factor authentication techniques contributed to a 32% rise in account takeovers, weak API safety brought about 27% of centralized alternate breaches, and poor inner entry controls enabled unauthorized worker entry in 11% of alternate hacks.
    • Third-party service flaws, equivalent to misconfigured cloud storage, contributed to 24% of infrastructure-related breaches in 2025, whereas an absence of good contract audits brought about over $540 million in DeFi losses.
    • In accordance with Chainalysis information by means of 2025, scorching pockets vulnerabilities have been the basis reason behind 80% of main alternate breaches on report.

References

• • Acuna, O. (2026). Crypto hacks hit $17 billion in 2025, however the actual risk was individuals, not code. [online] Coindesk.com. Obtainable at: https://www.coindesk.com/enterprise/2026/01/19/crypto-s-worst-year-for-hacks-wasn-t-a-smart-contract-problem-it-was-a-people-problem [Accessed 13 May 2026].
  • Adewale Olarinde (2026). Crypto hack losses hit $112.5m within the first two months of 2026, PeckShield information. [online] AMBCrypto. Obtainable at: https://ambcrypto.com/crypto-hack-losses-hit-112-5m-in-first-two-months-of-2026-peckshield-data/ [Accessed 13 May 2026].
  • administrator (2025). The ten Greatest Crypto Hacks in Historical past. [online] Crystal Intelligence. Obtainable at: https://crystalintelligence.com/investigations/the-10-biggest-crypto-hacks-in-history/ [Accessed 12 May 2026].
  • Bashir, Ok. (2026). April 2026 Turns into Worst Month for Crypto Hacks Since February 2025. [online] BeInCrypto. Obtainable at: https://beincrypto.com/april-2026-crypto-hacks-606m/ [Accessed 13 May 2026].
  • Bonner, W. (2026). Crypto Hacks and DeFi Runs – Financial institution Coverage Institute. [online] Financial institution Coverage Institute. Obtainable at: https://bpi.com/crypto-hacks-and-defi-runs/ [Accessed 12 May 2026].
  • Cryptoimpacthub.com. (2026). The Drift Protocol Hack: How North Korea Performed the Lengthy Sport for $285 Million. [online] Obtainable at: https://cryptoimpacthub.com/drift-protocol-hack-north-korea-social-engineering-2026/ [Accessed 13 May 2026].
  • Cryip.co. (2026). Crypto Hacks Report in Q1 2026: $450M Misplaced Throughout Phishing, Exploits, and Infrastructure Assaults. [online] Obtainable at: https://cryip.co/crypto-hacks-report-q1-2026/ [Accessed 12 May 2026].
  • Dan (2026). April Crypto Hacks Simply Hit $606 Million in 18 Days, Making It the Worst Month Since February 2025. [online] Phemex.com. Obtainable at: https://phemex.com/blogs/april-2025-crypto-hacks-606-million [Accessed 13 May 2026].
  • Dan (2026). Each Main DeFi Hack in 2026 So Far and Why Bridge Exploits Hold Getting Greater. [online] Phemex.com. Obtainable at: https://phemex.com/blogs/defi-hacks-2026-bridge-exploits-explained [Accessed 12 May 2026].
  • Danga, B. (2026). North Korea accounts for 76% of 2026 crypto hack losses, with theft since 2017 topping $6 billion: TRM Labs. [online] The Block. Obtainable at: https://www.theblock.co/put up/399569/north-korea-accounts-for-76-of-2026-crypto-hack-losses-with-theft-since-2017-topping-6-billion-trm-labs [Accessed 13 May 2026].
  • Elad, B. (2026). Crypto Alternate Hacks and Safety Statistics 2026: Cyber Threat Tendencies. [online] CoinLaw. Obtainable at: https://coinlaw.io/crypto-exchange-hacks-and-security-statistics/ [Accessed 12 May 2026].
  • Elad, B. (2026). Cryptocurrency Safety and Fraud Statistics 2026: Massive Threats. [online] CoinLaw. Obtainable at: https://coinlaw.io/cryptocurrency-security-fraud-statistics/ [Accessed 13 May 2026].
  • Faridi, O. (2026). Crypto Exploit Losses Climb Sharply in March 2026 as Safety Threats Evolve, Report Reveals. [online] Crowdfund Insider. Obtainable at: https://www.crowdfundinsider.com/2026/04/270705-crypto-exploit-losses-climb-sharply-in-march-2026-as-security-threats-evolve-report-reveals/ [Accessed 13 May 2026].
  • GNcrypto (2026). April 2026: 30 crypto hacks, $625M stolen, bridges hit. [online] GNcrypto. Obtainable at: https://www.gncrypto.information/information/april-2026-30-crypto-hacks-625m-stolen-bridges-hit/ [Accessed 13 May 2026].
  • IndexBox Inc (2026). Crypto losses exceeded $606M in April 2026 on account of hacks linked to the Lazarus Group. [online] Indexbox.io. Obtainable at: https://www.indexbox.io/weblog/crypto-losses-exceed-606m-in-april-2026-due-to-hacks-linked-to-lazarus-group/ [Accessed 13 May 2026].
  • Lee, J. (2026). DeFi exploits, on-chain interventions, and the non-public key: Latest developments in crypto-asset restoration. [online] Travers Smith. Obtainable at: https://www.traverssmith.com/data/knowledge-container/defi-exploits-on-chain-interventions-and-the-private-key-recent-developments-in-crypto-asset-recovery/ [Accessed 13 May 2026].
  • Luker (2026). This month’s Crypto Safety Report. [online] Metamask.io. Obtainable at: https://metamask.io/information/crypto-security-report-2026 [Accessed 12 May 2026].
  • MEXC. (2026). Report: Crypto Hacks Rose 96% in March as Losses Hit $52M. [online] Obtainable at: https://www.mexc.com/information/1005025 [Accessed 13 May 2026].
  • Miah, S. (2025). 14 Greatest Crypto Hacks of All Time. [online] Webopedia. Obtainable at: https://www.webopedia.com/crypto/be taught/biggest-crypto-hacks/ [Accessed 12 May 2026].
  • North (2026). North Korean hackers tied to $290M crypto heist, agency says. [online] UPI. Obtainable at: https://www.upi.com/Top_News/World-Information/2026/04/22/KelpDAO-LayerZero-North-Korea-crypto-hack-theft-Lazarus-Group/6151776848419/ [Accessed 13 May 2026].
  • Sherlock (2026). The Sherlock Web3 Safety Report Q1 2026: Each Main Hack, Exploit, and Development. [online] Sherlock.xyz. Obtainable at: https://sherlock.xyz/put up/the-sherlock-web3-security-report-q1-2026-every-major-hack-exploit-and-trends [Accessed 13 May 2026].
  • The Crypto Instances. (2026). $629M Misplaced: April 2026 Marks Worst Month for Crypto Hacks. [online] Obtainable at: https://www.cryptotimes.io/2026/04/30/629m-lost-april-2026-marks-worst-month-for-crypto-hacks/ [Accessed 13 May 2026].
  • Thorp, J. (2026). Crypto Hackers Drain $1.08 Billion in 68 Assaults as Social Engineering Surges. [online] The Forex Analytics. Obtainable at: https://thecurrencyanalytics.com/defi/crypto-hackers-drain-1-08-billion-in-68-attacks-as-social-engineering-surges-255542 [Accessed 13 May 2026].
  • Trmlabs.com. (2026). North Korea Stole 76% of All Crypto Hack Worth in 2026 — With Simply Two Assaults. [online] TRM Labs. Obtainable at: https://www.trmlabs.com/sources/weblog/north-korea-stole-76-of-all-crypto-hack-value-in-2026-with-just-two-attacks [Accessed 13 May 2026].