Real-time deepfakes, phishing attacks, supply chain compromises and cross-chain vulnerabilities will likely be the root of some of the biggest hacks in 2026, according to CertiK senior blockchain investigator Natalie Newson.

The industry has already lost over $600 million to hacks in 2026, due largely to two North Korea-linked crypto thefts in April, including the $293 million Kelp DAO exploit on Saturday involving a single point-of-trust failure in cross-chain messaging protocol LayerZero’s infrastructure, and the $280 million exploit of the Drift Protocol.

Another DPRK-linked attack involved the use of AI for social engineering. Crypto wallet Zerion revealed on April 15 that North Korean-affiliated hackers used AI in a long-term social engineering attack to steal about $100,000 from the company’s hot wallets.

Newson warned that, in “some aspects,” the acceleration of AI will only worsen crypto attacks.

 “The best way for investors to protect themselves is to be aware of the current threats they may face... For instance, to protect yourself against phishing, always verify the authenticity of URLs and smart contracts,” Newson said.

Newson said that as exploits become more sophisticated, retail investors should explore storage options outside of crypto exchanges. 

“Using cold wallets can help keep assets that you don’t use regularly safe and allows you to sign transactions without ever exposing your private keys,” she said. 

AI could be used to defend against attacks

“There are now more convincing deepfakes, autonomous attack agents, and ‘agentic AI’ that can autonomously scan smart contracts for bugs, draft exploit code and execute attacks at machine speed," she said.

On April 6, Cointelegraph reported that a threat actor known as “Jinkusu” was allegedly selling cybercrime tools designed to bypass Know Your Customer (KYC) checks at banks and crypto platforms, using deepfakes and voice manipulation.

“At the same time, AI can also be one of the biggest defenses,” said Newson. 

Cointelegraph recently reported that an increase in AI use has led to a flood of bug bounty submissions, both valid and invalid. Anthropic’s AI model Claude Mythos, claimed to have the ability to find vulnerabilities in major operating systems, has been deployed defensively with a release to a limited set of tech firms.

Regulators are escalating in response

CertiK shared with Cointelegraph in December 2025 that crypto hackers stole $3.3 billion in 2025. 

The company said supply-chain breaches emerged as the most damaging threat, accounting for $1.45 billion in losses across just two incidents, including the $1.4 billion Bybit hack in February 2025.

"The Bybit exploit signals that well-capitalized, well-coordinated threat actors are becoming more active across the ecosystem," the report said, predicting a rise in the “sophistication” of supply chain attacks as attackers target more infrastructure providers.

Regulators are responding. On April 9, the US Department of the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP) announced on Thursday that it is expanding its cybersecurity threat identification program to include digital asset companies.