Crypto protocols lost more than US$1.31 billion (AU$1.89 billion) to hacks and exploits across 344 incidents in the first half of 2026, according to CertiK’s Hack3d report, and security experts say the same AI tooling speeding up those attacks is also helping defenders surface bugs that sat undetected for years.
Headline losses fell 46.8% from the first half of 2025, though that period included the US$1.45 billion (AU$2.09 billion) Bybit hack. Excluding it, CertiK said losses ran about 28% higher year-on-year.
Some US$115.3 million (AU$166 million) was frozen or recovered, putting net losses near US$1.2 billion (AU$1.73 billion). “The underlying security environment has not improved; in several meaningful respects, it has deteriorated,” the report stated.
Wallet compromise was the costliest vector at US$444.5 million (AU$640.1 million) across 33 incidents. April produced two of the largest single incidents of the half, the US$291 million (AU$419 million) Kelp DAO RPC compromise and the US$285 million (AU$410.4 million) Drift Protocol breach.
Phishing followed at US$366.3 million (AU$527.5 million) across 63 incidents, with incident volume down 52.3% while losses fell only 10.8%. Four incidents accounted for about 85% of the category’s losses, a shift CertiK attributed to highly targeted social engineering.
Related: SEC Eyes Sweeping Crypto Rule Overhaul Covering Tokens, Trading, and Broker-Dealers
Code vulnerabilities cost US$151.6 million (AU$218.3 million) across 204 incidents, the highest count of any category, and CertiK identified a growing pattern of attackers targeting legacy contracts more than a year old, aided by improved automated tooling that finds latent vulnerabilities at scale. The firm warned that the window of maximum vulnerability does not close after launch.
Security engineer Taylor Hornby, engaged by Shielded Labs to audit Zcash, found a four-year-old soundness bug in the privacy network’s Orchard shielded pool in late May using a custom auditing agent powered by Anthropic’s Claude.
The flaw, in the codebase since May 2022, could have allowed undetectable counterfeiting; a patch shipped on June 1, an emergency hard fork followed on June 3, and developers believe no exploitation occurred. ZEC fell about a third on the June 5 disclosure.
Anthropic’s own December research found AI agents uncovered the equivalent of US$4.6 million (AU$6.62 million) in simulated exploits across 405 previously hacked contracts, and surfaced two unknown vulnerabilities while screening 2,849 newer ones.
TRM Labs Global Head of Policy Ari Redbord stated the data argues for continuous review in place of a one-time audit, with attack techniques moving faster than a launch-day audit can account for.
Related: Ripple Secures Full EU MiCA License, Clearing Path for Crypto Expansion Across Europe
The post AI Is Speeding Up Both Hacks and Hunts for Smart Contract Bugs, Security Experts Warn appeared first on Crypto News Australia.


