Blockchain security firm CertiK has warned that the biggest crypto security threats in 2026 will likely come from phishing attacks, deepfakes, supply chain compromises, and cross-chain vulnerabilities, driven by increasingly advanced AI tools and infrastructure weaknesses.
CertiK senior investigator Natalie Newson said the industry has already lost over $600 million in 2026, mainly due to North Korea-linked incidents. These include the $293 million Kelp DAO exploit, caused by a single point-of-trust failure in LayerZero’s cross-chain messaging system, and the $280 million Drift Protocol exploit.
Another DPRK-linked case involved AI-driven social engineering. Wallet provider Zerion reported that attackers used artificial intelligence in a prolonged impersonation campaign, stealing around $100,000 from hot wallets.
Newson warned that AI is accelerating attacks, with “agentic AI” capable of scanning smart contracts, writing exploit code, and executing hacks at machine speed. She also highlighted deepfakes and phishing campaigns that trick users into revealing private keys or signing malicious transactions.
Supply chain attacks remain the most damaging category, accounting for $1.45 billion in losses in 2025, including the $1.4 billion Bybit exploit, according to CertiK data.
Regulators are responding. The U.S. Treasury’s OCCIP expanded cybersecurity oversight in 2026 to include digital asset firms, as global losses and attack sophistication continue to rise.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.