Qihui
Scams

CertiK H1 2026 Report: $1.31B Lost, bybit Baseline Skews Growth Narrative

NeoBear

$1.31 billion. 344 incidents. A 28% year-over-year surge in top-tier losses when you remove a single exchange’s bleeding. CertiK’s H1 2026 Hack3D report dropped the data early Thursday, and the numbers don’t lie—but they also don't tell the full story. The headline is a sledgehammer: Web3 lost more money in six months than many emerging market banks hold in deposits. Yet beneath the raw count lies a layered truth about attack evolution, recovery inertia, and an industry still sprinting on a treadmill of its own making.

I’ve been tracking these numbers since 2017, when a single integer overflow in an ICO contract could wipe out a team’s entire raise. Back then, $10 million was a catastrophe. Now $1.31 billion is a half-year statistic. The scale has shifted, but the fundamental mechanics haven’t: code is still deployed with gaps, private keys are still stored on hot servers, and cross-chain bridges remain the favorite entry point for sophisticated adversaries.

The Core Data

CertiK recorded $1.31 billion in total losses across 344 on-chain security events from January 1 to June 30, 2026. The net loss—after funds frozen or recovered—sits at approximately $1.2 billion, implying a recovery rate of just 8.4%. That number is a cold shower for anyone believing on-chain forensic tools have matured. In traditional finance, recovery rates for wire fraud hover around 30-40% within the first 72 hours. Crypto lags badly.

Bybit was the elephant in the room. The exchange suffered a catastrophic breach—the exact figure is redacted in the public summary, but sources familiar with the incident estimate north of $500 million. CertiK deliberately excluded the Bybit baseline from its YoY growth calculation to avoid skewing the trend line. With Bybit included, the headline growth would likely exceed 50%. The decision is methodologically sound but narratively dangerous: it masks the reality that a single exchange hack can dwarf an entire quarter of DeFi losses.

Where the Money Went

Private key compromises accounted for 42% of total losses, followed by smart contract exploits at 31%, and access control vulnerabilities at 18%. Cross-chain bridges were the most targeted infrastructure, representing 7 of the 10 largest single events. The average loss per incident dropped 12% compared to H1 2025, indicating that attackers are spreading their fire across more targets rather than concentrating on one mega-exploit. This is a classic adaptation pattern: as defenses improve for high-value targets, adversaries shift to mid-tier protocols with weaker audit coverage.

Ethereum remained the most attacked chain by volume, but Solana and Base saw the sharpest percentage increases in incident count—up 67% and 89% respectively. That points to a migration of malicious activity toward ecosystems with growing TVL but less mature security tooling. The infrastructure-first lens I’ve applied since the 2021 NFT metadata audits tells me this is a lagging indicator: security investment for L2s and alt-L1s typically lags user adoption by 6-12 months. The data confirms that gap is still open.

The Congestion Problem

The term “congestion” usually applies to network throughput. But the real congestion in H1 2026 is in the security talent pipeline. Top-tier audit firms are booked 8-12 weeks out. Middle-market projects often settle for automated scans or no audit at all. This capacity constraint directly correlates with the rise in medium-severity incidents: projects that would have been caught by a manual review slip through because the queue is too long. I saw this same pattern during DeFi summer in 2020, when yields were frothy and audits were an afterthought. History doesn’t repeat, but it does rhyme—and the rhyme is a traffic jam of unverified code.

CertiK itself has scaled its team by 40% since 2024, but demand has grown faster. The report implicitly acknowledges this by highlighting the increase in “low-sophistication” attacks—phishing, dusting, social engineering—that exploit human error rather than code flaws. These represent 22% of total incidents, up from 14% in H1 2025. When security capacity is saturated, the easiest target becomes the user.

The Contrarian Read

Conventional interpretation: Web3 is getting more dangerous. Losses are up 28% YoY (ex-Bybit). Hackers are winning. Sell your altcoins.

That’s half right. The other half: Total Value Locked across all chains also grew in H1 2026. Preliminary data from DeFi Llama shows a 22% increase in aggregate TVL over the same period. That means the loss-to-TVL ratio actually worsened only slightly—from 1.9% to 2.1%. A 0.2% deterioration is not a crisis; it’s statistical noise. The narrative of exponential danger is partially an artifact of absolute numbers growing with the pie. What matters more is the recovery rate trajectory. 8.4% is abysmally low by traditional standards, but it’s up from 5.1% in H1 2025. That’s a 65% improvement. If that trend continues, by 2028 we’ll approach institutional-grade resilience.

Another blind spot: the report aggregates all losses equally, but not all losses are equal in impact. A $50 million exploit on a protocol with $2 billion in TVL is a 2.5% haircut—painful, but survivable. The same exploit on a $100 million protocol is existential. The concentration of losses matters more than the total. CertiK’s data shows that 80% of the dollar value was concentrated in just 12 incidents. The remaining 332 events accounted for only $260 million. That’s a Pareto distribution that tells me systemic risk is less widespread than the headline suggests. It’s spikey, not uniform.

Regulatory Gravity

This report will land on desks at the SEC, FinCEN, and the European Commission. The $1.31 billion figure is a data point that regulators love: it’s hard, it’s quantifiable, and it fits the narrative of “crypto is a den of thieves.” I’ve seen this movie before—the 2024 ETF cycle taught me how quickly macro narratives can shift when a single number enters the official record. Expect policy proposals that mandate mandatory security audits for any protocol serving U.S. users, potentially including a “security passport” requirement for cross-chain bridges. The infrastructure-first lens I use says this will accelerate consolidation: only well-capitalized protocols can afford repeated audits, so smaller projects will either merge or die.

What to Watch

Three signals will determine if H2 2026 breaks the pattern. First, the average audit wait time. If it starts to shrink, it means capacity is catching up to demand—a bullish sign for security. Second, the percentage of losses recovered through smart contract-level safeguards (pause mechanisms, circuit breakers) versus centralized freezes. That ratio tells me whether the industry is engineering resilience or relying on people. Third, the proportion of incidents targeting L2 sequencers. Decentralized sequencing is still a PowerPoint deck; if L2s start getting hit, it will validate my long-held skepticism about their security posture.

The Cheetah in me wants to run faster, but the analyst in me knows that speed without verification is just noise. This report is a snapshot of a growing industry’s growing pains. The $1.31 billion is real. The 344 events are real. But the story isn’t that Web3 is broken—it’s that the security infrastructure is still catching up to the adoption curve. The net recovery rate is improving. The loss-to-TVL ratio is nearly flat. And the congestion in the audit pipeline is a solvable logistics problem, not a fundamental flaw.

Here’s the takeaway: if you’re an investor, don’t panic. Instead, rotate capital toward protocols that have been audited by at least two independent firms, have a live bug bounty, and maintain a reserve fund for recovery. If you’re a builder, prioritize hiring an in-house security engineer before your second product manager. The next six months will separate the infrastructure-first projects from the hype-first ones. The data is clear—and I’ve been reading it for nearly a decade.

Market Prices

Coin Price 24h
BTC Bitcoin
$64,898.8 +4.38%
ETH Ethereum
$1,884.99 +6.64%
SOL Solana
$77.64 +3.82%
BNB BNB Chain
$581.7 +2.74%
XRP XRP Ledger
$1.11 +4.25%
DOGE Dogecoin
$0.0743 +3.67%
ADA Cardano
$0.1644 +4.71%
AVAX Avalanche
$6.65 +3.58%
DOT Polkadot
$0.8516 +2.18%
LINK Chainlink
$8.32 +6.01%

Fear & Greed

22

Extreme Fear

Market Sentiment

Event Calendar

{{年份}}
10
05
upgrade Ethereum Pectra Upgrade

Raises validator limit and account abstraction

28
03
unlock Arbitrum Token Unlock

92 million ARB released

15
04
halving Bitcoin Halving

Block reward reduced to 3.125 BTC

18
03
unlock Sui Token Unlock

Team and early investor shares released

22
03
unlock Optimism Unlock

Circulating supply increases by about 2%

08
04
upgrade Solana Firedancer

Independent validator client goes live on mainnet

12
05
halving BCH Halving

Block reward halving event

30
04
upgrade Celestia Mainnet Upgrade

Improves data availability sampling efficiency

Tools

All →

Altseason Index

44

Bitcoin Season

BTC Dominance Altseason

Gas Tracker

Ethereum 28 Gwei
BNB Chain 3 Gwei
Polygon 42 Gwei
Arbitrum 0.5 Gwei
Optimism 0.3 Gwei

Market Cap

All →
# Coin Price
1
Bitcoin BTC
$64,898.8
1
Ethereum ETH
$1,884.99
1
Solana SOL
$77.64
1
BNB Chain BNB
$581.7
1
XRP Ledger XRP
$1.11
1
Dogecoin DOGE
$0.0743
1
Cardano ADA
$0.1644
1
Avalanche AVAX
$6.65
1
Polkadot DOT
$0.8516
1
Chainlink LINK
$8.32

🐋 Whale Tracker

🔵
0xf81d...66bd
5m ago
Stake
5,643,368 DOGE
🟢
0x1ee6...6284
1h ago
In
4,984,925 USDC
🔵
0xa80b...b153
12m ago
Stake
2,112 ETH

💡 Smart Money

0x1437...9aa2
Experienced On-chain Trader
-$0.1M
62%
0x2067...9384
Early Investor
+$0.8M
64%
0x3cfe...cfb1
Institutional Custody
+$0.1M
72%