For the first time in several years, crypto hack losses have come in below the psychological $1 billion mark — and that’s genuinely worth paying attention to. Immunefi, the blockchain security and bug bounty platform, has released its first-half 2026 report, and the headline figure is $972 million in total losses across 207 separate incidents. That’s a record number of attacks, and yet somehow less money stolen. The gap between those two facts tells you everything about where Web3 security currently stands.
- Crypto hack losses fell to $972M in H1 2026, dipping below $1 billion despite a record number of attacks.
- A record 207 incidents were recorded, yet crypto hack losses dropped sharply, suggesting better security practices are working.
- DeFi exploit damage has fallen 74% since 2022, pointing to a maturing ecosystem with stronger on-chain defences.
- The divergence between rising attack volume and falling losses is one of the most telling signals in blockchain security so far.
Table of Contents
Crypto Hack Losses Hit $972M — But Context Is Everything
$972 million is still an eye-watering number. That’s nearly a billion dollars drained from wallets, protocols, and exchanges in just six months. But compare it to the environment two or three years ago and the trajectory becomes clear. At the peak of the DeFi boom in 2022, exploit losses were dramatically higher — Immunefi’s latest data points to a 74% decline in DeFi-specific exploit damage since then. That’s not a rounding error. That’s a structural shift.
The $972M figure also matters because it breaks a pattern. Throughout 2023, 2024, and into 2025, crypto hack losses consistently crossed the $1 billion threshold in the first half of the year. Staying below it in H1 2026 — despite the highest ever attack volume — is a meaningful data point, even if it’s not cause for celebration.
What’s driving the lower crypto hack losses even as attack frequency climbs? The short answer is that the attacks are getting smaller. More incidents, but fewer catastrophic nine-figure exploits. The $100M+ single-event hacks that defined the DeFi era — the Ronin Bridge breach, the Wormhole exploit, the Nomad disaster — are becoming less common. Protocols are, slowly and painfully, getting better at preventing the scenarios where a single vulnerability collapses an entire treasury.
207 Incidents: A Record That Should Still Alarm the Industry
Let’s not bury the concerning half of this story. Two hundred and seven attacks in six months works out to roughly one incident per day. The fact that crypto hack losses stayed below $1 billion doesn’t change the reality that attackers are more active than ever — probing, testing, and exploiting wherever they can find a gap. The sheer volume of incidents means that the industry is still operating under near-constant siege.
It also raises questions about who’s being hit. Smaller protocols and newer projects tend to have weaker security postures — less funding for audits, thinner teams, newer codebases. As the larger, more established DeFi protocols harden their defences, there’s a real risk that attacks simply migrate downstream to smaller targets. Total crypto hack losses in dollar terms might drop while the number of victims — many of them smaller projects and their users — continues rising. That’s a distribution problem the aggregate statistics don’t fully capture.
There’s also the question of what isn’t being counted. Not every exploit gets reported promptly, and not every stolen amount gets accurately quantified. Immunefi’s data is among the most reliable in the space, but even the best tracking has blind spots, particularly around attacks on newer chains and cross-chain bridges where attribution can be murky.
Why DeFi’s 74% Drop in Exploit Damage Is the Real Story
The most significant number in Immunefi’s report isn’t the headline loss figure — it’s that 74% decline in DeFi exploit damage since 2022. That represents years of compounding improvements across the ecosystem: better smart contract auditing practices, the wider adoption of formal verification tools, more aggressive bug bounty programmes (Immunefi’s own platform has paid out tens of millions of dollars to white-hat researchers), and crucially, the hard institutional memory of some genuinely catastrophic failures.
The 2022 cohort of exploits was formative in a brutal way. Immunefi’s research archive documents how protocols like Ronin Network, Wormhole, and Nomad lost staggering sums through a combination of private key compromises, logic errors, and bridge vulnerabilities. Those events forced a reckoning. Investors started demanding third-party audits as a condition of funding. Users started asking harder questions about protocol security. Teams started treating security as a product feature rather than an afterthought.
Four years on, that reckoning is showing up in the data. The crypto hack losses curve is bending — not because attackers have given up, but because the defences have materially improved.
Bridges and Centralised Services: Where the Risk Remains Concentrated
Historically, cross-chain bridges have been the industry’s most dangerous attack surface. They’re complex, they hold large amounts of liquidity, and they sit at the intersection of multiple chains with different security assumptions. The string of bridge exploits in 2022 made that painfully clear. While the data suggests DeFi as a whole is improving, bridges and any infrastructure handling custody of large asset pools still represent concentrated risk — and remain a primary driver of crypto hack losses when major incidents do occur.
Centralised services — exchanges, custodians, lending platforms — remain the other major vulnerability category. These targets are attractive precisely because they centralise risk: a single compromised key or a single exploited admin function can unlock enormous value. The distinction between ‘DeFi’ and ‘CeFi’ exploits matters here, because the attack vectors are fundamentally different. Smart contract bugs versus operational security failures. Code versus people.
The industry’s improving track record on the smart contract side hasn’t yet been fully matched by equivalent improvements in how centralised services manage key security, access control, and incident response.
What the Trend Line Means for Crypto Security Going Forward
The divergence between rising incident count and falling crypto hack losses in dollar terms is one of the more encouraging signals the industry has produced in a while. It suggests that the improvements in smart contract security are real, not just statistical noise. It suggests that the money poured into auditing firms, formal verification research, and bug bounty programmes is generating measurable returns.
But the record attack volume is a warning that shouldn’t be dismissed. Security in crypto is still fundamentally adversarial — for every defensive improvement, there are well-resourced groups actively looking for the next gap. Nation-state actors, particularly those linked to North Korea’s Lazarus Group, have been responsible for some of the largest thefts in the industry’s history and haven’t gone quiet. The evolving threat landscape around AI-assisted vulnerability discovery is another variable that will need watching as the year progresses.
If the second half of 2026 continues the trend — more attacks, but smaller individual losses — the industry will end the year with its best annual crypto hack losses total in years. That would be a genuine milestone. But sustaining it will require the same discipline that got losses to this point: treating security as a constant investment rather than a one-time checkbox, and recognising that a record number of attacks means the adversaries aren’t going anywhere.
Source: The Block
Frequently Asked Questions
Why did crypto hack losses fall below $1 billion in H1 2026?
According to Immunefi’s data, crypto hack losses dropped to $972M in H1 2026 despite record attack volume. The decline is largely attributed to a 74% drop in DeFi exploit damage since 2022, though the source does not specify the exact reasons behind this improvement.
How many crypto hacks occurred in the first half of 2026?
Immunefi recorded 207 individual incidents in H1 2026, making it the highest attack volume ever recorded for a six-month period. Despite this, total financial losses were lower than in previous years, suggesting attackers are finding it harder to extract large sums.
What is Immunefi and why does its data matter?
Immunefi is a blockchain security platform referenced in reporting on crypto exploit trends. Its tracking of incident data makes it a cited source for understanding the state of Web3 security.
Has DeFi become safer over the past few years?
The data suggests yes. DeFi exploit losses have fallen 74% compared to 2022, according to Immunefi. The source does not attribute this improvement to specific causes such as particular tools, standards, or named incidents.

