Инциденты безопасности блокчейна взлетели на 50% в первом полугодии 2026 года на фоне угроз цепочки поставок и ИИ.

ZRO-4,82%
AAVE-3,13%

SlowMist's mid-year report documented 182 blockchain security incidents in H1 2026, a 50% increase from 121 incidents in H1 2025, with total losses reaching approximately $956 million. The 60% decline in aggregate losses from $2.37 billion in H1 2025 was driven by the absence of a single catastrophic event rather than reduced attack frequency or sophistication. The report attributes the surge in incidents to a shift toward complex supply chain attacks and AI-driven threats, which expanded the attack surface beyond traditional smart contract vulnerabilities. DeFi remained the most targeted sector, accounting for nearly 64% of incidents and approximately $490 million in losses, while cross-chain bridges generated the highest per-incident losses at around $346 million across 20 incidents. The trend reflects an industrialization of cyber threats coinciding with global regulatory convergence on virtual asset compliance and anti-money laundering frameworks across Asia, Europe, and the Americas.

DeFi And Cross-Chain Bridges Drive H1 2026 Losses

DeFi protocols accounted for nearly 64% of all security incidents in H1 2026 and approximately $490 million in losses, according to SlowMist. Cross-chain bridges proved to be the most financially damaging category, with just 20 incidents generating cumulative losses of around $346 million. The KelpDAO exploit in April was responsible for $292 million of that total. Attackers compromised LayerZero's RPC infrastructure, launched DDoS attacks against legitimate validator nodes, and forged cross-chain messages to mint and extract assets without collateral. The stolen tokens were subsequently used as fake collateral on lending platforms such as Aave, amplifying losses across the DeFi sector. SlowMist attributed the incident to the North Korean Lazarus Group.

Supply Chain And AI Attacks Industrialize Blockchain Threats

Supply chain poisoning ranked third by incident count in H1 2026 but generated the highest total losses at approximately $298 million, primarily due to the KelpDAO case. Beyond that single event, numerous supply chain incidents targeted package management repositories, CI/CD pipelines, CDN distribution chains, and AI agent plugin marketplaces, according to the report. Phishing campaigns in H1 2026 adopted what SlowMist describes as a model of "platform-based impersonation + multi-stage interaction + dynamic payload injection." Malicious browser extensions mimicked legitimate wallet tools, Google Search advertisements directed users to clipboard-hijacking malware, and spear phishing emails disguised as audit confirmations delivered AppleScript payloads capable of establishing persistent remote access. In several cases, attackers embedded phishing infrastructure within trusted domains, including business.google.com, to circumvent automated detection systems.

AI has been deployed across the full attack lifecycle to generate convincing impersonation content, self-review malicious code for detection evasion, and optimize social engineering scripts, the report states. Deepfake voice and video technology was used in social engineering campaigns targeting high-value individuals, with documented losses reaching into the millions per incident. The Lazarus Group's subunit HexagonalRodent was observed using ChatGPT and Cursor to craft fraudulent corporate websites and fabricate management team identities for fake recruitment operations targeting Web3 developers.

Global Regulators Strengthen Virtual Asset Compliance In H1 2026

Hong Kong granted its first batch of fiat-referenced stablecoin issuer licenses in April. Taiwan upgraded its crypto regulatory regime from AML registration to full financial licensing. In the United States, the GENIUS Act's implementation moved from legislation to proposed rulemaking, while FinCEN and OFAC jointly issued draft rules establishing a unified compliance framework for licensed payment stablecoin issuers. The European Union imposed a sector-wide prohibition on transactions with crypto-asset service providers established in Russia for the first time.

SlowMist's report concludes that the proliferation of supply chain attacks, AI-assisted fraud, and nation-state-linked cybercrime organizations such as Lazarus Group has made it evident that resilience requires systematic governance covering fund flow monitoring, VASP registration, identity verification, and cross-border enforcement cooperation.

FAQ

What caused the 50% increase in blockchain security incidents in H1 2026?

SlowMist's report attributes the 50% increase to a shift toward sophisticated supply chain attacks and AI-driven threats, which expanded the attack surface beyond traditional smart contract vulnerabilities.

Which blockchain sector experienced the highest financial losses in H1 2026?

Cross-chain bridges generated the highest per-incident losses at around $346 million across 20 incidents, with the KelpDAO exploit in April accounting for $292 million of that total, according to SlowMist.

What regulatory actions did Hong Kong take in H1 2026?

Hong Kong granted its first batch of fiat-referenced stablecoin issuer licenses in April, as documented in the SlowMist report.

Дисклеймер: Информация на этой странице может быть получена из источников третьих сторон и предоставляется только для ознакомления. Она не отражает взгляды или мнения Gate и не является финансовой, инвестиционной или юридической рекомендацией. Торговля виртуальными активами связана с высоким риском. Пожалуйста, не основывайте свои решения исключительно на данных этой страницы. Подробнее смотрите в Дисклеймере.
комментарий
0/400
Нет комментариев