Private keys, not smart contracts, caused 40% of crypto's $16 billion hack losses. Here's what's being done.
CoinDesk 2026-06-29 15:45:18
Context: The cryptocurrency industry has lost approximately $16.69 billion to hacks, with about 40% of these losses attributed to stolen private keys rather than flaws in blockchains or smart contracts. This vulnerability is being addressed through the implementation of multi-party computation, account abstraction, and stronger security practices. The issue lies in the management and storage of private keys, which are often compromised due to operational security failures.
Key Facts
- The cryptocurrency industry has lost approximately $16.69 billion to hacks, with about 40% of these losses, or around $6.676 billion, tied to stolen private keys rather than flaws in blockchains or smart contracts.
- Security experts, including CertiK, a leading blockchain and Web3 security firm, have noted that most losses stem from key-management and operational failures in systems, people, and third-party tools, rather than from broken cryptography.
- Private key hacks fall into two categories: brute-force attacks, where attackers guess or brute-force their way to a user's private key, and unknown methods, where the private key is leaked but the exact method is unclear.
- The industry is moving towards fixing the private key vulnerability issue through the implementation of multi-party computation (MPC) wallets, account abstraction with social recovery, passkey-based login, hardware wallet enforcement, and proper key-management standard operating procedures (SOPs).
- Wish Wu, co-founder and CEO of Pharos, notes that most blockchain infrastructure was originally built for a single-user, single-key model, which goes against basic security principles that traditional finance has relied on for decades, such as multiple layers of defense and separation of duties.