CertiK Hack3D Report: Web3 Losses Exceed $1.3 Billion in First Half of 2026, Attacks Accelerate Toward High-Value Targets
Odaily Planet Daily News Web3 security company CertiK has released the "Hack3D: First Half of 2026 Report." The report shows that in the first half of 2026, the Web3 ecosystem experienced 344 security incidents, resulting in total losses of approximately $1.32 billion. Although this figure represents a 46.8% decrease compared to the same period last year, excluding the impact of the $1.45 billion security incident involving Bybit, the scale of losses in the first half of this year actually increased by approximately 28% year-over-year, indicating that the overall security environment in the industry has not seen substantial improvement.
The report points out that wallet theft has become the attack type causing the largest financial losses, totaling approximately $450 million in the first half of the year. Meanwhile, although the number of phishing attacks decreased by over 50% year-over-year, the amount of losses only fell by approximately 10.8%, reflecting that attackers are pivoting toward high-net-worth individuals and institutional targets, conducting more targeted high-value attacks.
Furthermore, code vulnerabilities remain the most frequent type of attack, with 204 related incidents. CertiK believes that attackers are increasingly targeting long-running, older smart contracts that lack re-auditing. The report also shows that mega-scale attacks continue to dominate industry losses, with two incidents involving Kelp DAO and Drift Protocol collectively causing approximately $577 million in losses, accounting for 44% of the total losses in the first half of the year. Judging from the number of incidents, the impact of individual attacks, and the changing patterns of attacks, the Web3 industry is facing more complex and continuously escalating security challenges.
