The number of hacks has reached a record high, but less money was stolen: the paradox of Q2 2026

The second quarter of 2026 went down in crypto industry history with a grim record: 83 successful attacks on protocols were recorded—an absolute high in terms of the number of incidents. However, the total damage amounted to $755.3 million, far from previous peaks.
The largest hacks of the quarter were the attack on KelpDAO for $293 million and the Drift Protocol exploit for $280 million. Together, they account for over 75% of total losses. Notably, the lion's share of the damage came from cross-chain bridges: $351 million, of which 38% was the incident involving the LayerZero OFT bridge linked to KelpDAO. Another 37% of losses were caused by compromised administrative access and token price manipulation. Private key theft, contrary to expectations, accounted for only 5.66%.
Despite the record number of attacks, the quarter was not the most expensive in terms of the volume of stolen funds. The absolute record for the cost of hacks still belongs to the fourth quarter of 2020—$3.56 billion. The paradox is explained by a decline in overall liquidity in the ecosystem: the total value locked (TVL) fell from $164 billion to approximately $73 billion. Simply put, attackers had less to "mine" on a large scale.
Experts note a troubling gap between the speed of protocol development and the maturity of their risk management systems. For example, some projects use a "three out of six" multi-signature scheme but store three keys on a single laptop. This is not security, but an illusion of security.
Special attention should be paid to the May hack of THORChain for $10 million, after which the team suspended protocol operations, including trading and liquidity pool activities. And on June 8, unknown attackers compromised Humanity Protocol wallets, causing $31 million in damage.
My opinion: A record number of attacks with declining damage is a signal that the industry still hasn't learned to protect itself from "small" threats. Hackers adapt faster than protocols implement adequate security measures. If the trend continues, the next quarter could be record-breaking not only in numbers but also in the scale of losses.