Cybercriminals targeting cryptocurrencies do not operate on a set schedule. They move when money moves.
That was the main message from Kraken’s chief security officer, Nick Percoco, who told reporters that hacking activity at Kraken encryption The space tends to surge during bull markets, major product launches, and periods of rapid growth — not because of the calendar, but because those are the moments when the most value is concentrated in one place.
“Vulnerabilities can be exploited in any market environment,” Percoco said, warning that security in cryptocurrencies should be treated as an ongoing effort, not a seasonal one.
His comments came as new data showed a significant decline in cryptocurrency theft during the first three months of 2026. DevillamaHackers pulled $168 million from 34 decentralized finance protocols between January and March, a sharp decline from the $1.58 billion stolen during the same period last year.
DefiLlama reports that stolen funds in Q1 2026 were down from the previous year.
Private keys and smart contracts remain vulnerabilities
However, the previous year’s figure was severely skewed by one incident: $1.4 billion Bybit breachwhich represents approximately the total for the first quarter of 2025. Take that away and the comparison seems less dramatic.
However, the losses in early 2026 were not small at all. The biggest blow came in January, when portfolio management platform Step Finance lost $40 million after attackers compromised its private keys.
Days later, on January 8, decentralized protocol Truebit was drained of $26.4 million worth of ether through smart contract manipulation. A third major incident that hit stablecoin issuer Resolv Labs occurred in late March, also through a private key compromise – the same method used in the Step Finance attack.
Private key and token failed exploited They are two very different problems, but both keep showing up in the data. One is a humanitarian and operational issue. The other is a code problem. Neither of them has been resolved.
North Korea-linked groups remain an ongoing concern
Data indicates that 34 separate DeFi protocols were hacked during the quarter. Attacks spread during this period, and January witnessed the largest losses.
Percoco described the threat landscape as a mix of highly coordinated groups, organized criminal networks, and opportunistic individuals looking for vulnerabilities in smart contracts and user-facing systems.
North Korea-linked actors have been repeatedly reported in connection with major cryptocurrency thefts. Suspected affiliates of that network were linked to the attack on the decentralized exchange protocol Drift, which lost an estimated $285 million due to a private key leak.
Featured image from Unsplash, chart from TradingView
Editing process Bitcoinist focuses on providing well-researched, accurate, and unbiased content. We adhere to strict sourcing standards, and every page is carefully reviewed by our team of senior technology experts and experienced editors. This process ensures the integrity, relevance, and value of our content to our readers.
