Crypto Hacks Dropped Sharply In Early 2026, But Experts Say The Threat Isn’t Going Away
Cybercriminals who goal crypto are usually not working on a set schedule. They transfer when the cash strikes.
That was the important thing message from Kraken’s chief safety officer, Nick Percoco, who instructed reporters that hacking exercise within the crypto house tends to spike throughout bull markets, main product launches, and intervals of speedy development — not due to the calendar, however as a result of these are the moments when essentially the most worth is concentrated in a single place.
“Vulnerabilities will be exploited in any market surroundings,” Percoco stated, warning that safety in crypto needs to be handled as an ongoing effort, not a seasonal one.
His feedback got here as new information confirmed a notable drop in crypto theft through the first three months of 2026. According to DefiLlama, hackers pulled $168 million from 34 decentralized finance protocols between January and March — a steep fall from the $1.58 billion stolen throughout the identical interval final 12 months.
Private Keys And Smart Contracts Remain Weak Spots
That prior-year determine, nonetheless, was closely skewed by a single incident: the $1.4 billion Bybit breach, which accounted for practically the complete Q1 2025 complete. Strip that out and the comparability seems much less dramatic.
Still, the losses in early 2026 had been removed from small. The greatest hit got here in January, when portfolio administration platform Step Finance misplaced $40 million after attackers compromised its personal keys.
Days later, on Jan. 8, decentralized protocol Truebit was drained of $26.4 million value of ether via a sensible contract manipulation. A 3rd main incident struck stablecoin issuer Resolv Labs in late March, additionally via a personal key compromise — the identical methodology used within the Step Finance assault.
Private key failures and code exploits are two very totally different issues, however each preserve showing within the information. One is a human and operational difficulty. The different is a code difficulty. Neither has been solved.
North Korea-Linked Groups Remain A Persistent Concern
Data reveals that 34 separate DeFi protocols had been hit throughout the quarter. The assaults had been unfold throughout the interval, with January bearing the heaviest losses.
Percoco described the risk pool as a mixture of extremely coordinated teams, organized legal networks, and opportunistic people scanning for weak factors in sensible contracts and user-facing techniques.
North Korea-linked actors have been flagged repeatedly in reference to main crypto thefts. Suspected associates of that community had been linked to an assault on decentralized trade Drift Protocol, which misplaced an estimated $285 million to a personal key leak.
Featured picture from Unsplash, chart from TradingView
