The number of hacks has reached a record high, but the damage is minimal: the paradox of the second quarter of 2026

The second quarter of 2026 went down in crypto industry history as the most "fruitful" for hacks: 83 incidents were recorded in three months — an absolute record for all time. However, the paradox is that the total damage amounted to only $755.3 million. This is far from the most expensive period: the record for losses is still held by the fourth quarter of 2020, when hackers stole $3.56 billion.
Major Attacks and Key Trends
Two attacks accounted for the lion's share of losses: the hack of the KelpDAO protocol for $293 million and the Drift Protocol exploit for $280 million. Interestingly, the cross-chain bridge segment was particularly hard hit: losses in this sector reached $351 million, with 38% of that amount attributed to the incident involving the LayerZero OFT bridge, which turned out to be part of the KelpDAO attack. Another 37% of losses are linked to compromised administrative access and token price manipulation. Private key theft, contrary to expectations, accounted for only 5.66% of the total.
Why Are There More Hacks but Less Damage?
The decline in total liquidity within the ecosystem is a key factor. While Total Value Locked (TVL) peaked at $164 billion in previous periods, it has now shrunk to approximately $73 billion. Hackers simply cannot find the "giga-pools" they could drain in a single attack. Instead, we are seeing a constant stream of small and medium-sized hacks — a kind of "dispersion" of the threat.
However, there is another, more alarming reason: the gap between the speed of protocol development and the maturity of their security systems. A telling example is projects using a "three out of six" multi-signature scheme but storing three keys on a single laptop. This is not a technical vulnerability but blatant negligence.
Warning Signs: THORChain and Humanity Protocol
In May, the THORChain team confirmed a $10 million hack of the cross-chain protocol, after which they were forced to suspend the entire platform — including trading, liquidity pool management, and other critical functions. And on June 8, unknown attackers compromised the wallets of the Humanity Protocol project, causing approximately $31 million in damage. These incidents are not coincidences but symptoms of a systemic problem.
My Take on the Situation
A record number of hacks with minimal damage is not a reason for optimism. On the contrary, it signals a fragmentation of threats and a lower barrier to entry for malicious actors. While the industry races to launch new products, security remains the "weak link." The market urgently needs audit and risk management standards; otherwise, the next record could be fatal.