Blockchain security firm SlowMist reported 182 security incidents in the first half of 2026, marking a roughly 50% increase from the same period in 2025. Despite the higher incident count, total recorded losses fell by about 60%, dropping to $956 million from $2.37 billion in the first half of last year.
The data points to a divergence between exploit frequency and financial impact across on-chain infrastructure. Attacks are becoming more frequent, but the largest losses appear increasingly concentrated in specific infrastructure failures rather than broad ecosystem-wide breaches.
Smart Contract Bugs and Supply Chains Drive Losses
Smart contract and logic vulnerabilities accounted for the highest number of incidents, with 85 exploits responsible for approximately $152 million in tracked losses. That category remained the most common attack surface during the reporting window.
Private key and credential compromises followed with 17 incidents totaling about $130 million. These breaches highlight the continued risk around operational security, access control and credential management across crypto teams and infrastructure providers.
Supply chain attacks produced the largest financial damage despite fewer cases. SlowMist tracked 12 such incidents, but losses from that category reached approximately $298 million, showing how dependency chains and development workflows can create outsized exposure.
Ethereum remained the most frequently targeted ecosystem in the first half of the year, with related breaches causing an estimated $134 million in damages. The pattern suggests attackers continue to focus on the deepest liquidity environments and the largest base of deployed applications.
Cross-Chain Infrastructure Remains a High-Risk Layer
Cross-chain infrastructure accounted for 20 bridge-related incidents and $346 million in cumulative losses. Bridges remain a critical risk zone because they combine complex verification logic, large liquidity reserves and operational dependencies across multiple networks.
The largest single incident involved Kelp DAO and a 1-of-1 Decentralized Verification Network configuration on a LayerZero-powered bridge. SlowMist said attackers compromised LayerZero’s RPC infrastructure and used distributed denial-of-service tactics to forge cross-chain verification messages.
That exploit resulted in approximately $292 million in losses and was traced by SlowMist to a subgroup of the Lazarus Group. The incident highlights how centralized validation points in cross-chain routing can become concentrated failure points for bridged liquidity.
The report also documented rising use of AI across attack workflows. State-aligned operators and independent threat groups are using AI-assisted tools for code generation, phishing optimization and reconnaissance against blockchain teams.
One case involved HexagonalRodent using AI-enhanced recruitment campaigns to distribute backdoored development environments to blockchain engineers. Another May 2026 incident showed an AI-driven trading bot accepting Morse code instructions from a public chat after receiving a high-privilege NFT, triggering an automated transfer of roughly $175,000.
Recovery Efforts Improve but Losses Remain Difficult to Reverse
SlowMist tracked 18 cases where stolen funds were frozen or returned during the first half of 2026. Across those incidents, roughly $389 million had been stolen, with nearly $118 million recovered or blocked.
That recovered amount represented about 12.3% of total losses tracked during the period. SlowMist also reported direct involvement in freezing or recovering an additional $5.16 million through its threat intelligence network and cross-jurisdictional tracking channels.
The figures suggest post-exploit response infrastructure is improving, but most lost capital remains difficult to recover. Funds can still move through unresponsive contracts, layered routing paths or jurisdictions where enforcement coordination is slow.
For now, SlowMist’s mid-year assessment shows a crypto security landscape with more incidents but fewer catastrophic aggregate losses. The next major pressure points are cross-chain verification standards, supply chain security, credential hygiene and safer execution models for AI-driven agents.








