What are the biggest crypto hack risks expected in 2026?

CertiK says phishing, deepfakes, supply chain attacks, and cross-chain vulnerabilities will drive major crypto hacks in 2026. These threats are becoming more advanced due to AI. The focus is shifting from simple exploits to complex, multi-layer attacks.

How much has been lost to crypto hacks in 2026 so far?

The industry has already lost over $600 million in 2026. A large portion came from two major April exploits, including attacks on Drift Protocol and Kelp DAO. These incidents highlight how concentrated losses can be.

What role is AI playing in crypto cyberattacks?

AI is enabling more convincing deepfakes, automated attack agents, and faster exploit development. Hackers can now scan for vulnerabilities and execute attacks at scale. This increases both the speed and sophistication of threats.

What is a supply chain attack in crypto?

A supply chain attack targets infrastructure providers or dependencies rather than the end platform directly. For example, compromising a protocol like LayerZero can impact multiple connected projects. These attacks can cause large-scale damage across ecosystems.

Why are cross-chain vulnerabilities a major risk?

Cross-chain systems rely on communication between blockchains, often through trusted intermediaries. If a single point of failure is exploited, multiple networks can be affected. This makes them attractive targets for hackers.

How are phishing and social engineering evolving in crypto?

Attackers are using AI-driven tactics, including fake video calls and impersonation. These methods trick users into revealing private keys or approving malicious transactions. The attacks are becoming harder to detect.

What happened in the Zerion hack?

Hackers linked to North Korea used AI-powered social engineering to steal around $100,000 from Zerion’s hot wallets. The attack involved gaining access to internal systems and credentials. It shows how human vulnerabilities remain a key target.

How can crypto users protect themselves from these threats?

Experts recommend verifying URLs, avoiding suspicious links, and using hardware (cold) wallets. Cold storage keeps private keys offline, reducing exposure to attacks. Basic security practices remain critical despite advanced threats.

CertiK warns AI phishing to drive crypto hacks

Written by Brie CarterPublished Apr. 23 2026Last Updated Apr. 23 2026

Security firm CertiK has warned that phishing, deepfakes and supply chain attacks will drive some of the largest crypto hacks in 2026.

Senior investigator Natalie Newson said emerging threats such as AI-powered social engineering and cross-chain vulnerabilities are already contributing to rising losses.

“The best way for investors to protect themselves is to be aware of the current threats they may face... For instance, to protect yourself against phishing, always verify the authenticity of URLs and smart contracts,”

Newson said.

The warning follows more than $600 million in crypto losses this year, including major exploits linked to North Korea-backed groups targeting platforms such as Drift Protocol and KelpDAO.

Newson said increasingly sophisticated attack methods, including real-time deepfakes and automated exploit tools, are making traditional security measures less effective.

She advised users to adopt stronger protections, including cold wallet storage, to minimise exposure of private keys and reduce reliance on exchange-based custody.

At the same time, researchers say artificial intelligence may also strengthen defences, while regulators are expanding cybersecurity oversight of digital asset firms in response to escalating threats.