AI-driven exploits and cross-chain flaws have pushed crypto security risks into focus in 2026, experts at CertiK warn, with losses already crossing $600 million.
Summary
- Crypto losses have crossed $600 million in 2026, driven largely by major exploits linked to North Korean actors.
- A $293 million Kelp DAO breach tied to LayerZero infrastructure failure and a $280 million Drift Protocol hack accounted for most April losses.
- Security experts warn that AI-driven phishing, deepfakes, and automated exploit tools are making attacks faster and harder to detect.
According to the blockchain security firm, attackers have leaned on a mix of social engineering, infrastructure weaknesses, and increasingly advanced tooling to carry out some of the year’s largest breaches.
Losses have been heavily concentrated in a handful of high-impact incidents. April alone saw two major thefts linked to North Korean actors.
One of them involved a $293 million exploit at Kelp DAO, where a failure in cross-chain messaging infrastructure tied to LayerZero allowed attackers to bypass safeguards built around trust assumptions. Another breach targeted Drift Protocol, resulting in roughly $280 million in losses.
CertiK senior blockchain investigator Natalie Newson said the pace and nature of attacks point to a more complex threat environment taking shape. Real-time deepfakes, phishing campaigns, supply chain compromises, and cross-chain vulnerabilities, she noted, are likely to sit at the center of major exploits heading into 2026.
An earlier incident highlighted how AI tools are already being used in practice. On April 15, crypto wallet provider Zerion disclosed that North Korean-linked hackers carried out a prolonged social engineering campaign, eventually extracting around $100,000 from its hot wallets.
“The best way for investors to protect themselves is to be aware of the current threats they may face… For instance, to protect yourself against phishing, always verify the authenticity of URLs and smart contracts,” Newson said.
Security concerns are not limited to external attacks. Storage practices remain a weak point, especially for retail participants.
“Using cold wallets can help keep assets that you don’t use regularly safe and allows you to sign transactions without ever exposing your private keys,” she added.
Attention has also turned to how artificial intelligence is changing both sides of the equation. Tools capable of generating convincing deepfakes and automating exploit development are becoming easier to access.
“There are now more convincing deepfakes, autonomous attack agents, and ‘agentic AI’ that can autonomously scan smart contracts for bugs, draft exploit code, and execute attacks at machine speed,” Newson added.
Earlier this month, a threat actor known as “Jinkusu” was reportedly offering cybercrime tools designed to bypass Know Your Customer checks across banks and crypto platforms, relying on voice manipulation and deepfake technology.
At the same time, defensive use of AI is beginning to pick up. Increased automation has led to a surge in bug bounty submissions across the industry, even if not all findings are valid. One example includes Claude Mythos, an AI system developed by Anthropic, which has been tested in limited deployments for identifying vulnerabilities in major operating systems.
