The crypto market hit an anti-record in the number of hacks in the second quarter of 2026: 83 incidents in three months

The second quarter of 2026 became the most "fruitful" for hackers in terms of the number of attacks on crypto protocols. Monitoring showed 83 successful hacks in three months — an absolute historical record. The total damage amounted to $755.3 million. This is an alarming signal for the entire industry, especially against the backdrop of declining overall liquidity.
The leaders in terms of loss volume were two exploits: an attack on KelpDAO for $293 million and a hack of Drift Protocol for $280 million. Both incidents occurred in the cross-chain bridge segment, where total damage reached $351 million. Interestingly, 38% of this amount is linked to the attack on the LayerZero OFT bridge, which analysts directly associate with the KelpDAO hack. Another 37% came from compromised administrative access and token price manipulation. Private key theft, contrary to expectations, accounted for only 5.66% of total losses.
Despite the record number of incidents, this period lags behind the fourth quarter of 2020 in terms of damage volume, when losses amounted to $3.56 billion. However, the trend is concerning: the number of attacks is growing exponentially, while total damage remains high.
Dmitry Tarasyuk, Product Director at CORE3 and CER.live, rightly notes that the increase in the number of hacks amid a decrease in total damage is linked to reduced liquidity in the ecosystem. TVL has dropped from $164 billion to approximately $73 billion. This means hackers are attacking fewer "fat" targets but doing so more frequently. The gap between the pace of protocol development and the maturity of their risk management systems is becoming critical. The example of a "three out of six" multisig, where three keys are stored on a single laptop, is a classic case of negligence that should not occur in 2026.
Other significant incidents include the hack of the cross-chain protocol THORChain for $10 million in May, after which the team suspended operations, and the compromise of Humanity Protocol wallets on June 8, with damages of around $31 million. These attacks confirm a systemic vulnerability: most protocols are not prepared for large-scale, coordinated attacks.
My professional opinion: The record number of hacks is not an accident but a natural outcome of insufficient security amid the rapid growth of new protocols. The industry urgently needs standards for auditing and risk management; otherwise, the next quarter could break this anti-record as well.