Record number of hacks in the second quarter of 2026: the crypto industry faces a new wave of attacks
The second quarter of 2026 became a real test for the crypto industry: 83 protocol hacks were recorded — an absolute record in the number of incidents in the entire history of observations. The total damage reached $755.3 million. However, despite the record number of attacks, the overall loss volume was lower than the peak values of previous years.
The largest attacks were the KelpDAO hack for $293 million and the Drift Protocol exploit for $280 million. In the cross-chain bridge segment, damage amounted to $351 million, of which 38% came from the incident involving the LayerZero OFT bridge, related to the attack on KelpDAO. Another 37% of losses were caused by compromised administrative access and token price manipulations. Private key theft, contrary to expectations, accounted for only 5.66% of the total volume.
Interestingly, in terms of loss volume, the second quarter of 2026 was not the most expensive. The record for the cost of hacks is still held by the fourth quarter of 2020 — $3.56 billion. This indicates a change in the structure of attacks: instead of single giant exploits, the industry has faced a constant stream of smaller but more frequent incidents.
Dmytro Tarasiuk, Product Director at CORE3 and CER.live, links the increase in the number of attacks to a decline in ecosystem liquidity: the total value locked (TVL) decreased from $164 billion to approximately $73 billion. He also highlights the gap between the pace of protocol development and the maturity of their risk management systems. As an example, he cites projects using a "three out of six" multi-signature scheme but storing three keys on a single laptop — a gross mistake that makes the vulnerability obvious.
In May, THORChain developers confirmed a hack of the cross-chain protocol for $10 million. After the incident, the team suspended the protocol's operation, disabling trading, liquidity pool operations, and other "sensitive" actions. And on June 8, unknown attackers compromised wallets associated with the Humanity Protocol project, causing $31 million in damage.
My expert conclusion: The increase in the number of attacks amid a decrease in total damage is an alarming signal. This indicates that attackers are adapting to new conditions, focusing on vulnerabilities in governance and administration rather than on large liquidity pools. The industry urgently needs to raise security standards, especially in the areas of multi-signatures and key management, otherwise we risk seeing a rise in the number of incidents, albeit with smaller but still significant damage.