According to CertiK senior blockchain researcher Natalie Newson, real-time deepfakes, phishing attacks, supply chain breaches and cross-chain vulnerabilities are likely to cause some of the biggest hacks in 2026.
The industry has already lost more than $600 million to hacks in 2026, largely due to two North Korea-linked cryptocurrency thefts in April, including Saturday’s $293 million Kelp DAO exploit, which involved a single point of trust failure in the LayerZero cross-chain messaging protocol infrastructure, and the $280 million Drift Protocol exploit.
Another DPRK-linked attack involved the utilize of artificial intelligence for social engineering purposes. Cryptocurrency wallet Zerion revealed on April 15 that North Korean hackers used artificial intelligence in a long-running social engineering attack to steal approximately $100,000 from the company’s balmy wallets.
Newson warned that “in some respects” accelerating AI will only make crypto attacks worse.
“The best way to protect investors is to be aware of the current threats they may face… For example, to protect against phishing, always check the authenticity of URLs and smart contracts,” Newson said.
Newson said that as exploits become more sophisticated, retail investors should explore options for storing data outside of cryptocurrency exchanges.
“Using cold wallets can help secure resources you don’t use regularly and allows you to sign transactions without revealing your private keys,” she said.
Artificial intelligence can be used to defend against attacks
“There are now more convincing deepfakes, autonomous attack agents, and ‘agentic AI’ that can autonomously scan smart contracts for bugs, develop exploit code, and launch attacks at machine speed,” she said.
On April 6, Cointelegraph reported that a threat actor known as “Jinkusu” was allegedly selling cybercrime tools designed to bypass Know Your Customer (KYC) controls at banks and crypto platforms using deepfakes and voice manipulation.
“At the same time, artificial intelligence can be one of the greatest safeguards,” Newson said.
Cointelegraph recently reported that the rise of artificial intelligence has led to a flood of bug bounty reports, both valid and invalid. Anthropic’s Claude Mythos AI model, purportedly capable of finding vulnerabilities in major operating systems, was deployed defensively with release to a confined group of technology companies.
In response, the actions of regulatory authorities are becoming more stringent
In December 2025, CertiK informed Cointelegraph that cryptocurrency hackers stole $3.3 billion in 2025.
The company said supply chain breaches emerged as the most damaging threat, causing $1.45 billion in losses from just two incidents, including the $1.4 billion Bybit breach in February 2025.
Related: Telegram CEO Durov warns that the EU’s age verification app could enable wider tracking
“The Bybit exploit signals that well-capitalized, well-coordinated threat actors are becoming increasingly active across the ecosystem,” the report said, predicting an boost in the “sophistication” of supply chain attacks as attackers target more infrastructure providers.
Regulators are responding. April 9 The U.S. Treasury’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP) announced Thursday that it is expanding its cybersecurity threat identification program to include digital asset companies.
Warehouse: Adam Back says current demand is “almost” enough to push Bitcoin’s price to $1 million
