Kraken's chief security officer issued a stark warning to the crypto industry today, stating that despite a sharp 70% drop in thefts to $168 million in Q1 2026, hackers are merely lying in wait for the next bull market. Nick Percoco emphasized that cybercriminals strike when value concentrates, not according to the calendar, urging that security must be treated as a permanent, non-negotiable effort as the market eyes its next major rally.

Private Keys And Smart Contracts Remain Weak Spots

That prior-year figure, however, was heavily skewed by a single incident: the $1.4 billion Bybit breach, which accounted for nearly the entire Q1 2025 total. Strip that out and the comparison looks less dramatic.

Still, the losses in early 2026 were far from small. The biggest hit came in January, when portfolio management platform Step Finance lost $40 million after attackers compromised its private keys.

Days later, on Jan. 8, decentralized protocol Truebit was drained of $26.4 million worth of ether through a smart contract manipulation. A third major incident struck stablecoin issuer Resolv Labs in late March, also through a private key compromise — the same method used in the Step Finance attack.

Private key failures and code exploits are two very different problems, but both keep appearing in the data. One is a human and operational issue. The other is a code issue. Neither has been solved.

North Korea-Linked Groups Remain A Persistent Concern

Data shows that 34 separate DeFi protocols were hit across the quarter. The attacks were spread across the period, with January bearing the heaviest losses.

Percoco described the threat pool as a mix of highly coordinated groups, organized criminal networks, and opportunistic individuals scanning for weak points in smart contracts and user-facing systems.

North Korea-linked actors have been flagged repeatedly in connection with major crypto thefts. Suspected affiliates of that network were linked to an attack on decentralized exchange Drift Protocol, which lost an estimated $285 million to a private key leak.

Featured image from Unsplash, chart from TradingView