The crypto industry set an anti-record for the number of hacks in the second quarter of 2026.
The second quarter of 2026 has truly become a "black" period for the crypto industry: 83 successful attacks on protocols were recorded — an absolute historical high in terms of the number of incidents. The total direct damage reached $755.3 million, which, however, is not a record in terms of loss volume.
Analytics based on data from aggregators DeFiLlama and Unfolded show that the main drivers of the increase in the number of incidents were two major attacks: the hack of the KelpDAO protocol for $293 million and the Drift Protocol exploit for $280 million. These two events essentially accounted for more than 75% of the quarter's total damage.
The cross-chain bridge segment is particularly alarming: it accounted for $351 million in losses, with 38% of this amount linked to the compromise of the LayerZero OFT bridge, which, according to our data, was part of the attack on KelpDAO. Another 37% of losses in this segment are due to vulnerabilities in access control and token price manipulation. Private key theft, contrary to popular belief, accounted for only 5.66% of the total damage.
However, in terms of absolute loss value, the second quarter of 2026 lags behind the record fourth quarter of 2020, when damage exceeded $3.56 billion. This paradoxical discrepancy between the number of attacks and their financial scale has deep-seated reasons.
A key factor is the sharp reduction in ecosystem liquidity. Total value locked (TVL) has decreased from $164 billion to approximately $73 billion, making each successful hack less "lucrative" but provoking hackers to carry out more frequent attacks. Additionally, there is a gap between the pace of protocol development and the maturity of their risk management systems. A typical example: a project uses a "3 out of 6" multi-signature but stores three keys on one laptop — this is not protection, but an illusion of security.
In May 2026, THORChain developers confirmed a $10 million hack, after which they temporarily halted the protocol's operation. And on June 8, unknown attackers compromised Humanity Protocol wallets, stealing $31 million. These incidents only confirm the systemic nature of the problem.
My expert opinion: The increase in the number of attacks while their average cost decreases is an alarming signal that the industry is transitioning from an era of "large but rare" hacks to an era of "small but constant" threats. This requires a reassessment of security approaches: instead of one-off audits, continuous monitoring and automated response are needed. Otherwise, the next quarter could break this anti-record as well.