The cryptocurrency industry recorded its highest-ever number of hacking incidents during the first half of 2026, despite the total value stolen falling sharply from a year earlier. According to blockchain security firm Immunefi, attackers exploited 207 separate incidents between January and June, resulting in approximately $972 million in losses.
Although the incident count set a new record, the total amount stolen remained below $1 billion and was less than half the losses recorded during the same period in 2025. The figures suggest that while crypto attacks are becoming more frequent, their financial impact is generally smaller than in previous years.
DeFi Security Shows Continued Improvement
One of the report’s strongest trends is the continued decline in decentralized finance (DeFi) exploit losses.
Immunefi found that DeFi-related losses have dropped 74% since their 2022 peak, falling from $2.62 billion to $680.3 million. The median amount lost per exploit has also declined by roughly the same percentage.
The security firm attributed the improvement to stronger preventive measures across the industry, including bug bounty programs, independent security audits, competitive code reviews, and a growing network of researchers identifying vulnerabilities before attackers can exploit them.
While full-year DeFi losses edged slightly higher in 2025 compared with 2024, Immunefi said the increase reflected the added complexity of multi-chain ecosystems rather than a broad deterioration in protocol security.
Crypto Attackers Shift Focus Beyond Smart Contracts
The report also highlights a noticeable change in how cybercriminals are targeting crypto projects.
Rather than relying primarily on smart contract vulnerabilities, attackers are increasingly exploiting infrastructure weaknesses, compromised private keys, cross-chain configuration errors, and flaws involving privileged system access. According to Immunefi, this represents a broader shift toward attacking operational infrastructure instead of protocol code alone.
Older attack methods have become less dominant. Bridge exploits, once responsible for some of the industry’s largest losses, now account for a much smaller share of incidents, while flash-loan attacks have declined significantly compared with previous market cycles.
Crypto Hacks 2025: North Korean Hackers Steal Over $2B in Ethereum and Solana This Year
Bug Bounty Programs Continue to Expand
As attacks evolve, bug bounty programs continue to play a growing role in strengthening blockchain security.
During the first half of 2026, Immunefi paid approximately $13.45 million to researchers who reported 837 valid vulnerabilities before they could be exploited. In June, the company surpassed $140 million in lifetime payouts to security researchers.
The platform now works with more than 92,000 registered researchers, protects over $180 billion in digital assets across more than 650 protocols, and estimates that its programs have helped prevent more than $25 billion in potential losses.
Immunefi CEO Mitchell Amador said the industry continues to make progress but cautioned that the threat landscape is constantly changing. While the overall trend points to stronger security practices, he noted that hundreds of millions of dollars in annual losses remain far too high for the sector.












