Crypto news

22.06.2026
18:45

The second quarter of 2026 set a record for the number of hacks: 83 incidents and $755 million in damages.

The second quarter of 2026 went down in crypto industry history as the most problematic in terms of the number of attacks. Analysts recorded 83 crypto protocol hacks — an absolute anti-record for the entire observation period. The total damage from these incidents reached $755.3 million, which, however, is not a record amount.

The largest attacks of the quarter were the hack of the KelpDAO protocol for $293 million and the exploit of Drift Protocol, which led to losses of $280 million. In the cross-chain bridge segment, damage amounted to $351 million, with 38% of this sum attributed to the incident involving the LayerZero OFT bridge, which, according to the investigation, was linked to the KelpDAO attack. Another 37% of losses in this segment were caused by compromised administrative access and token price manipulations. In contrast, private key theft accounted for a relatively modest share — only 5.66%.

Why a record in number but not in amount?

Despite the record number of incidents, the second quarter of 2026 was not the most expensive in terms of loss volume. The record for the cost of hacks is still held by the fourth quarter of 2020, when damage amounted to $3.56 billion. Experts attribute this dynamic to a significant decline in liquidity within the ecosystem. The total value locked (TVL) decreased from $164 billion to approximately $73 billion, reducing the "potential loot" for attackers.

Additionally, there is a gap between the pace of protocol development and the maturity of their risk management systems. An example is projects that use a "three out of six" multi-signature scheme but store three keys on a single laptop. This creates an illusion of security that is easily shattered in a targeted attack.

Notable incidents of the quarter

In May, developers of THORChain confirmed a hack of the cross-chain protocol for $10 million. After the incident, the team was forced to suspend the protocol's operation, blocking trading options, liquidity pool operations, and other "sensitive" actions.

On June 8, unknown individuals compromised wallets associated with the Humanity Protocol project. The damage from this attack was estimated at approximately $31 million.

My view as an analyst: The trend of an increasing number of attacks with a decrease in average damage is a worrying signal. It indicates that attackers are adapting to the new reality of lower liquidity, shifting to smaller but more frequent targets. This requires the industry not just to strengthen protection, but to fundamentally rethink approaches to risk management at the protocol architecture level.