Crypto news

22.06.2026
19:30

The crypto industry set an anti-record for the number of hacks in the second quarter of 2026: 83 incidents in three months

hack

The second quarter of 2026 became the most "fruitful" for hacks in the history of the crypto industry: 83 successful attacks on protocols were recorded. This is an absolute record in terms of the number of incidents. However, the total damage amounted to "only" $755.3 million — an impressive figure, but far from a record.

Why did the number of hacks increase, but the damage did not?

The key trend of the quarter is a sharp increase in the frequency of attacks while the average cost of each decreased. If earlier we observed "giga-exploits" worth hundreds of millions of dollars, now hackers are targeting smaller but more numerous targets. The reason is simple: overall liquidity in DeFi has decreased. The total TVL (Total Value Locked) fell from $164 billion to approximately $73 billion. Less funds — less potential loot, but also a lower entry threshold for attackers.

Largest targets and methods

The most high-profile incidents were the hack of KelpDAO for $293 million and the exploit of Drift Protocol for $280 million. Interestingly, in the cross-chain bridge segment, damage reached $351 million, with 38% of this amount attributed to the attack on the LayerZero OFT bridge, directly linked to the KelpDAO hack. Another 37% of losses in this category were caused by compromise of administrative access and token price manipulation. Private key theft, contrary to popular belief, accounted for only 5.66% of the total damage.

Expert opinion: the problem is in risk management

The increase in the number of attacks amid declining liquidity points to a systemic problem: the pace of protocol development significantly outpaces the maturity of their security systems. For example, some projects use a "three out of six" multisignature scheme but store three keys on one laptop. This is not a technical error, but a fundamental failure in risk management. Until teams stop sacrificing security for the sake of speed to market, we will continue to see new anti-records in the number of hacks.

In May 2026, developers of THORChain confirmed a $10 million hack, after which they suspended the protocol's operation. And on June 8, unknown parties compromised the wallets of Humanity Protocol, causing $31 million in damage. These incidents are just the tip of the iceberg, and judging by the dynamics, the third quarter could be even more tense.

My conclusion: The industry has entered a phase of "small but frequent" theft. For investors, this means the need to more thoroughly check not only the code of protocols but also their operational security procedures. The record for the cost of hacks ($3.56 billion in Q4 2020) has not yet been broken, but in terms of the number of attacks, we have already exceeded all conceivable limits.