Crypto platforms have already lost more than $600 million in hacks in the first months of 2026. Two large breaches linked to North Korean groups account for most of the damage. The scale and timing of the attacks suggest coordinated planning rather than isolated exploits.
Kelp DAO and Drift Protocol Face Major Breaches
Kelp DAO absorbed the biggest hit. Attackers took around $293 million by exploiting a trust weakness in the LayerZero messaging system. Instead of breaking core code directly, they targeted how systems communicate with each other. That kind of flaw often sits unnoticed until someone pushes it hard.
Drift Protocol faced a similar fate shortly after. Losses reached about $280 million. The closeness of both attacks raised questions across the industry. Some analysts see a pattern. High-value DeFi systems with complex bridges and messaging layers are becoming repeated targets.
These incidents show a shift in focus. Hackers are not guessing anymore. They map systems first, then hit where dependencies create blind spots.
AI Shows Up in Smaller but Telling Attack
A different case surfaced through Zerion. Hackers tied to North Korea used AI-assisted social engineering to drain roughly $100,000 from hot wallets. The number is small compared to DeFi exploits, but the method stands out.
Instead of exploiting code, attackers leaned on persuasion. AI helped them refine messages, mimic tone, and extend conversations long enough to gain trust. It shows how low-cost tools can now support high-efficiency scams.
Around the same time, a threat actor known as “Jinkusu” appeared on underground forums. The actor reportedly sold deepfake and voice-cloning tools aimed at bypassing identity checks in exchanges and banks. That includes KYC systems that rely on facial or voice verification.
Security Experts See Two Sides to AI
Blockchain investigator Natalie Newson from CertiK points out that AI changes both attack and defense. It sharpens scams but also helps detection systems catch suspicious behavior faster.
Still, her advice stays simple. Check every contract before interacting. Confirm URLs carefully. Keep idle funds off exchanges where possible.
Cold wallets remain the safest option in her view. They store keys offline, which removes direct exposure to online attacks. Signing happens without revealing private credentials to connected systems.
She also points to supply chain attacks as a growing concern. In 2025, two major incidents caused about $1.45 billion in losses, including the Bybit hack. These attacks go after dependencies, not just users or front-end systems.
AI Enters Defense Tools Too
Not all AI activity sits on the attacker side. Anthropic introduced Claude Mythos, a tool aimed at scanning systems for vulnerabilities. It is still in early testing with select companies, but the goal is early detection of weak points before exploitation happens.
The arms race is visible now. One side builds faster deception tools, the other builds faster detection systems. Neither side has a clear edge.
Regulators Start Treating Crypto Like Core Finance
Governments are also paying closer attention. The US Treasury’s cybersecurity office announced expanded monitoring for digital asset firms on April 9. Officials now treat crypto infrastructure as part of critical financial systems.
That shift brings more oversight pressure. It also signals that crypto security is no longer treated as a niche concern. It sits closer to traditional banking risk frameworks now.
A Market Under Pressure
Early 2026 paints a mixed picture. Large protocol failures, AI-assisted scams, and identity spoofing tools all point to a more complex threat landscape.
The surprising part is not just the losses. It is how varied the methods have become. Smart contract bugs, social engineering, and synthetic identities now sit in the same threat pool.
Security teams face a moving target. Fix one weakness, and another appears. The system keeps evolving, and so do the attacks around it.
