Immunefi: Crypto hacker attacks hit new high in first half of 2026, total losses under $1 billion

Immunefi’s latest report shows that in the first half of 2026, crypto projects suffered 207 hacker attacks, with cumulative losses of approximately $972 million. The number of attacks hit a record high, but total losses were still less than half of the same period in 2025.
(Backstory: The MiCA stablecoin regulatory transition period has ended! USDT will be “expelled from Europe”)
(Background: Bitmine scooped up another 42,000 ETH last week! Total holdings surpassed 5.74 million)

Table of Contents

Toggle

  • DeFi losses halved again and then halved again
  • Shift in risk sources: from contract bugs to infrastructure
  • Viewpoint: Crypto security is a “quantity” problem, not a “quality” problem

Security advisory firm Immunefi released its H1 crypto security report on July 10. The report data shows that in the first six months of 2026, crypto projects suffered a total of 207 hacker attacks, with cumulative losses of approximately $972 million.

The number of attacks reached an all-time high, but total losses still remained below the $1 billion mark—and were less than half the scale of losses in the first half of 2025. The crypto security ecosystem is showing a trend of “more volume, lower value.”

DeFi losses halved again and then halved again

The report indicates that DeFi attack losses have fallen 74% from the 2022 peak of $262 million, dropping to about $680.3 million. During the same period, the median loss per incident also fell 75%, suggesting that the average scale of each attack continues to shrink.

Immunefi attributes this to four factors: ongoing security coverage, bug bounty programs, audit competitions, and an increasing number of researchers discovering vulnerabilities before they are exploited.

Shift in risk sources: from contract bugs to infrastructure

The report specifically points out that the source of risk is shifting away from purely smart-contract vulnerabilities toward the following four categories:

  • Infrastructure failures, including node service interruptions and on-chain data latency
  • Private key leaks, stemming from wallet management mistakes
  • Cross-chain configuration errors, such as incorrect bridge routing and cross-chain communication settings
  • Weak privileged access, with lax governance account permission management

This aligns with recent real-world events: on July 10, the Ethereum Foundation deployed an AI agent red-team test and successfully found a remotely triggerable panic vulnerability in the libp2p gossipsub layer of the Ethereum consensus client (CVE-2026-34219). On July 9, the macOS credential-stealing trojan Odyssey surged, affecting more than 100 countries and stealing wallet files from 16 or more crypto applications.

Viewpoint: Crypto security is a “quantity” problem, not a “quality” problem

The signals revealed by the Immunefi report are similar to a chip manufacturing process upgrade: the defect rate (losses) declines, but the number of detected defects (attack counts) actually increases, because the detection network is denser and coverage is more comprehensive.

Crypto losses in the first half of 2025 were about $130–150 million. In the first half of 2026, although the number of attacks reached a new high, the total losses of $972 million still fall within a reasonable range. The key is that the risk focus has shifted from preventable issues like “smart contracts not being audited” to more hidden weaknesses such as “infrastructure and cross-chain configuration.”

The practical implication is: “Passing an audit” doesn’t mean “security is foolproof.” The four emerging risks mentioned in the report (infrastructure, private keys, cross-chain, privileged access) are exactly the areas that individual wallet users and DeFi users find hardest to self-check. The Solana Foundation has also recently appointed former Twitter CISO Michael Coates as Chief Information Security Officer, showing that on-chain security is expanding from “contract development” to “full-stack infrastructure.”

BMNR4.83%
ETH3.36%
SOL1.08%
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned