Svmuu News: Web3 security firm CertiK has released its “Hack3D: First Half of 2026 Report.” The report shows that 344 security incidents occurred in the Web3 ecosystem during the first half of 2026, resulting in cumulative losses of approximately $1.32 billion. Although this figure represents a 46.8% decrease compared to the same period last year, if the impact of the $1.45 billion security incident involving Bybit is excluded, the scale of losses in the first half of this year actually increased by about 28% year-over-year, indicating that the industry’s overall security environment has not seen any substantial improvement.
The report notes that wallet theft has become the attack type causing the greatest financial losses, resulting in approximately $450 million in losses during the first half of the year; Meanwhile, although the number of phishing attacks fell by more than 50% year-over-year, the amount of losses decreased by only about 10.8%, reflecting that attackers are shifting their focus to high-net-worth individuals and institutional targets to carry out more targeted, high-value attacks.
Furthermore, code vulnerabilities remain the most frequent type of attack, with 204 related incidents. CertiK believes that attackers are increasingly targeting legacy smart contracts that have been running for a long time and lack re-audits. The report also shows that massive attacks continue to dominate industry losses; the Kelp DAO and Drift Protocol incidents combined resulted in approximately $577 million in losses, accounting for 44% of total losses in the first half of the year. Judging by the number of incidents, the impact of individual attacks, and evolving attack patterns, the Web3 industry is facing increasingly complex and escalating security challenges.