

Phishing, Deepfakes to Dominate Crypto Hacks by 2026: CertiK

Tony Kim   Apr 23, 2026 05:14


Phishing attacks, real-time deepfakes, and vulnerabilities in cross-chain protocols are expected to drive the most significant crypto hacks in 2026, according to CertiK senior investigator Natalie Newson. These threats are already making their presence felt, with over $600 million stolen in the first four months of the year.

Two of the largest incidents so far in 2026 were linked to North Korean hackers. The $293 million exploit of the Kelp DAO via LayerZero’s cross-chain messaging protocol and a $280 million attack on Drift Protocol demonstrate how sophisticated attackers are targeting weak points in blockchain infrastructure. Meanwhile, Zerion, a crypto wallet provider, revealed on April 15 that hackers used AI-enabled social engineering to steal $100,000 from its hot wallets.

Newson warns that AI is amplifying the scale and speed of these attacks, with tools now capable of generating convincing deepfakes and autonomously scanning smart contracts for exploitable vulnerabilities. "The acceleration of AI in some aspects will only worsen crypto attacks," she said.

Phishing Remains a Key Entry Point

Phishing attacks remain a core strategy for crypto hackers, with losses from phishing skyrocketing 200% year-over-year by early 2026. These attacks often involve malicious links, fake crypto platforms, or impersonation of prominent figures and organizations to deceive victims. A single phishing incident involving 'address poisoning' in January 2026 resulted in a $12.25 million loss.

CertiK’s analysis indicates that supply chain attacks have also become a critical issue, accounting for $1.45 billion in losses during 2025. The Bybit hack, which cost $1.4 billion in February 2025, highlights how attackers are targeting infrastructure providers to maximize damage.

AI: Double-Edged Sword

While AI is being used offensively, it also holds potential for defense. According to CertiK, AI-powered tools are increasingly deployed to identify vulnerabilities before attackers can exploit them. For example, Anthropic’s AI model, Claude Mythos, has been used to scan systems for bugs and assist in defensive cybersecurity measures.

Bug bounty programs have also seen a surge in submissions—both valid and invalid—due to advancements in AI. These programs are becoming essential for identifying and patching vulnerabilities before they can be exploited.

Protecting Against the Next Wave

Newson advises retail investors to take proactive steps such as verifying URLs, avoiding suspicious links, and using cold wallets to store assets. Cold wallets, which isolate private keys from internet access, significantly reduce the risk of theft. "The best way for investors to protect themselves is to stay aware of threats and adopt secure storage practices," she said.

Regulators are also ramping up efforts to combat escalating threats. The U.S. Department of the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP) announced in April 2026 that it would expand its threat identification program to include digital asset companies.

Looking Ahead

With the average size of crypto hacks reaching $19.5 million in 2025, the industry faces mounting challenges to secure its infrastructure. As attackers leverage AI and other advanced tools, the need for robust defensive measures, both technological and regulatory, will only grow. For investors, staying informed and adopting best practices remains critical as the ecosystem evolves.

