The Web3 sector lost more than $1.31 billion to hacks, exploits and scams during the first six months of 2026, even as headline losses appeared lower than a year earlier. Behind the decline, however, security data points to a more troubling trend: attacks are becoming more targeted, high-value and operationally sophisticated rather than less frequent.
A total of 344 security incidents were recorded between January and June, almost unchanged from the same period last year. While total losses fell 46.8% year over year, the comparison is skewed by the record $1.45 billion Bybit exploit in early 2025. Excluding that single event, losses during the first half of 2026 were roughly 28% higher than the comparable 2025 baseline, indicating that the underlying threat landscape has worsened rather than improved.
Nearly half of all losses stemmed from two attacks that occurred within weeks of each other in April, while other major incidents, including the Humanity Protocol exploit, further highlighted persistent security weaknesses across the Web3 ecosystem.
Without those events, total losses would have remained below $750 million, illustrating how a handful of large breaches continue to dominate industry-wide damage.
The biggest shift during the first half of the year was the growing cost of wallet-related attacks.
Wallet compromises generated more than $444 million across just 33 incidents, making them the most expensive attack category despite representing only a small fraction of total cases. By comparison, code vulnerabilities produced the highest number of incidents at 204, but resulted in substantially lower aggregate losses of around $151.6 million.
The figures suggest attackers are increasingly focusing on privileged credentials, operational infrastructure and key management instead of relying solely on flaws in smart contracts.
Phishing also evolved during the period. Although phishing incidents fell by more than half compared with the previous year, financial losses declined only modestly because attackers shifted toward highly targeted social engineering campaigns aimed at high-value individuals and organizations rather than mass wallet-draining operations.
Ethereum continued to experience the largest number of security incidents, while Solana ranked second by value lost largely due to the Drift Protocol exploit, which accounted for one of the biggest security incidents of H1 2026.
Key figures from H1 2026 include:
Attackers moved stolen assets more rapidly through privacy tools and cross-chain infrastructure, making recovery increasingly difficult. At the same time, older smart contracts that had not undergone recent security reviews emerged as a recurring target, suggesting legacy DeFi infrastructure is becoming a growing source of risk.
Rather than signalling a safer ecosystem, the first half of 2026 points to an industry facing a changing threat model where fewer attacks are responsible for increasingly larger losses, and operational security is becoming as critical as smart contract security.


