Blockchain security firm CertiK has warned that phishing campaigns, AI-generated deepfakes, supply chain compromises, and cross-chain vulnerabilities will drive the most destructive crypto hacks of 2026. Supporting evidence appears in TRM Labs’ 2026 Crypto Crime Report.
The alert comes as the industry has already suffered more than $600 million in losses this year, with April alone accounting for the bulk of the damage.
CertiK senior blockchain investigator Natalie Newson attributed a significant portion of April’s losses to two North Korea-linked exploits: a $293 million attack on Kelp DAO through a single point-of-trust failure in LayerZero’s cross-chain messaging infrastructure, and a $280 million exploit of Drift Protocol.
Both incidents underscore how interconnected protocol design can amplify exposure when one component fails.
AI Cuts Both Ways in the Security War
Newson said AI is accelerating threats in ways that were not practical even 18 months ago. “There are now more convincing deepfakes, autonomous attack agents, and ‘agentic AI’ that can autonomously scan smart contracts for bugs, draft exploit code and execute attacks at machine speed,” she said.
That capability is already being tested against real targets.
Crypto wallet provider Zerion disclosed on April 15 that North Korean-affiliated hackers used AI tools in a sustained social engineering campaign, ultimately stealing roughly $100,000 from the company’s hot wallets.
A separate threat actor identified as “Jinkusu” was reported to be selling deepfake and voice-manipulation tools engineered to bypass KYC checks at banks and crypto platforms.
Newson acknowledged that AI is not purely an offensive weapon. “At the same time, AI can also be one of the biggest defenses,” she said.
Anthropic’s Claude Mythos model, which its developers claim can identify vulnerabilities in major operating systems, has been deployed in a limited defensive capacity with a select group of technology firms.
Security teams are also reporting a surge in AI-assisted bug bounty submissions, though the volume of low-quality reports has risen alongside legitimate findings.
What Investors Can Do Now
Newson stressed that basic hygiene remains the most overlooked line of defense. “The best way for investors to protect themselves is to be aware of the current threats they may face. For instance, to protect yourself against phishing, always verify the authenticity of URLs and smart contracts,” she said. She also recommended that retail investors move assets they do not actively trade off exchanges entirely.
“Using cold wallets can help keep assets that you don’t use regularly safe and allows you to sign transactions without ever exposing your private keys,” Newson added. The advice reflects a broader pattern CertiK documented in its end-of-2025 review, which recorded $3.3 billion in total crypto theft for that year.
Supply chain breaches alone accounted for $1.45 billion across just two incidents, including the $1.4 billion Bybit hack in February 2025.
CertiK’s report predicted that supply chain attacks would grow more sophisticated through 2026, warning that “well-capitalized, well-coordinated threat actors are becoming more active across the ecosystem.” According to TRM Labs’ 2026 Crypto Crime Report, state-linked groups remain among the most capable and persistent adversaries targeting the sector. The combination of AI tooling, cross-chain complexity, and social engineering gives those groups more entry points than ever before.