Table of contents I. Introduction1II. Blockchain Security Situation22.1 Security Incident Overview32.2 Attack Methods72.2.1 Phishing Attack72.2.2 Social Engineering Attacks182.2.3 Supply Chain Poisoning222.2.4 AI-Driven Attacks312.2.5 Cryptographic Attacks42III. Anti-Money Laundering Landscape463.1 Global Regulatory Dynamics463.1.1 Asia463.1.2 Middle East513.1.3 Europe523.1.4 Americas533.1.5 Africa553.1.6 Oceania553.2 Funds Freezing / Recovery Data563.3 Cybercrime Organizations and Dynamics563.3.1 Lazarus Group563.3.2 Drainers623.4 Privacy Protocols65IV. Conclusion69V. Disclaimer70VI. About Us71 I. Introduction In thefirst half of 2026, while the blockchain industry continues to develop rapidly, both thesecurity threat landscape and regulatory environment have entered a new phase of evolution.With the continuous advancement of emerging applications such as DeFi, cross-chaininfrastructure, and AI agents, the attack surface has continued to expand. Attack targets haveshifted from smart contracts alone to the broader developer ecosystem, endpoint devices, supplychains, and user trust systems. Meanwhile, the widespread adoption of artificial intelligence hasfurther lowered the barriers to social engineering and automated attacks, driving threat activitiestoward greater professionalism, scale, and persistence. On the regulatory side, institutional frameworks surrounding stablecoins, Anti-Money Laundering(AML), and Virtual Asset Service Providers (VASPs) continue to evolve, and the industry isaccelerating toward a development stage where security, compliance, and governance are jointlyemphasized. Today, blockchain security is no longer limited to smart contracts or isolated protocol risks. It hasevolved into a systemic challenge encompassing protocol security, supply chain security,endpoint security, identity trust, andfinancialflow governance. Nation-state threat actors remainhighly active, while new attack vectors such as drainer-as-a-service operations, supply chainpoisoning, and AI-driven scams continue to emerge. These developments are pushing securitydefenses from vulnerability patching toward full lifecycle risk management, making securitycapability a foundational pillar of industry growth. As a pioneer in blockchain security, SlowMist continues to stay at the forefront of technologicaldevelopments, with sustained efforts in threat intelligence, large language model (LLM) security,traceability and attribution, and compliance-oriented anti-money laundering infrastructure.Against this backdrop, this report focuses on major security incidents in thefirst half of 2026,global regulatory developments, and trends in on-chain anti-money laundering technologies. Itaims to provide timely, structured, and forward-looking insights for industry practitioners, securityresearchers, and compliance professionals, helping the ecosystem enhance its capabilities in riskidentification, response, and prediction under an increasingly compliant and adversarialenvironment. II. Blockchain Security Situation In thefirst half of 2026, the blockchain industry continued to face severe security challenges.According to incomplete statistics from theSlowMist Hackeddatabase, a total of 182 securityincidents were recorded in thefirst half of the year, resulting in approximately $956 million inlosses. Compared to thefirst half of 2025 (121 incidents with approximately $2.373 billion inlosses), the number of incidents increased by about 50.41% year-on-year, while total lossesdecreased by approximately 59.72%. (Note: The data in this report is calculated based on token prices at the time of each incident. Due tofactors such as cryptocurrency price volatility, unreported incidents, and losses incurred by ordinaryusers not being included in the statistics, the actual losses are expected to be higher than thereportedfigures.) 2.1 Security Incident Overview (1) According to ecological distribution ●Ethereum was the most frequently targeted ecosystem, with related losses ofapproximately $134 million. ●The BSC ecosystem followed, with losses of around $36.35 million.●Arbitrum ranked third, with losses of approximately $4.93 million. (2) By project type ●DeFi projects remained the most frequently targeted sector. In thefirst half of 2026, a totalof 116 DeFi-related security incidents were recorded, accounting for approximately63.74% of all incidents (182 in total), with losses reaching approximately $490 million.Compared to thefirst half of 2025 (92 incidents with approximately $470 million inlosses), losses increased by about 4.26% year-on-year. ●Cross-chain bridge incidents totaled 20 cases, resulting in cumulative losses ofapproximately $346 million. The most severe incident was the Kelp DAO event, where a1-of-1 DVN (Decentralized Verification Network) configuration in the LayerZerocross-chain bridge was exploited. Attackers compromised LayerZero’s RPC infrastructureand launched DDoS attacks to forge cross-chain messages, leading t