In Q1 2026, Web3 projects lost over $460 million due to hacking and scams, with phishing attacks dominating.
According to Cointelegraph, Hacken, a blockchain security firm, released its Q1 2026 report revealing that Web3 projects suffered $464.5 million in losses due to hacking and scams during the quarter. Phishing and social engineering attacks accounted for $306 million—making them the primary source of losses. A hardware wallet scam in January alone caused $282 million in losses, representing 81% of the quarter’s total losses. Smart contract vulnerabilities led to $86.2 million in losses, while failures in access control—including compromised private keys and cloud services—resulted in $71.9 million in losses. The report notes that the largest security incidents predominantly occurred in off-chain operations and infrastructure layers—areas typically beyond the scope of traditional audits. Europe’s regulatory frameworks, MiCA and DORA, are increasingly imposing stricter requirements on security monitoring and incident response, and global regulators are also raising standards for real-time monitoring and emergency response.