The second quarter of 2026 set a record for the number of hacks in the crypto industry: 83 incidents and $755 million in damages.

The second quarter of 2026 has gone down in history as the most "hack-prone" period for the crypto industry. Analysts recorded 83 attacks on protocols — an absolute anti-record for the number of incidents in the entire history of observations. The total damage from these hacks amounted to $755.3 million.
Key Attacks and Vulnerabilities
The most significant episodes were the exploit of the KelpDAO protocol for $293 million and the attack on Drift Protocol, which cost $280 million. The cross-chain bridge segment draws particular attention: losses here reached $351 million, with 38% of this amount attributed to the incident involving the LayerZero OFT bridge, which experts link to the KelpDAO hack. Another 37% of the damage was caused by compromised administrative access and token price manipulation. Theft of private keys, contrary to expectations, accounted for only 5.66% of total losses.
Why Is the Number of Hacks Rising, but the Damage Is Not?
Despite the record number of attacks, this quarter lags behind peak values in terms of financial losses. The record is still held by the fourth quarter of 2020, when damage exceeded $3.56 billion. The key factor explaining this dynamic is a sharp decline in liquidity within the ecosystem. The total value locked (TVL) decreased from $164 billion to approximately $73 billion. Attackers now have fewer targets for large-scale attacks, so they have shifted to more frequent but less significant incidents.
At the same time, there is a troubling gap between the pace of protocol development and the maturity of their risk management systems. A number of projects still exhibit glaring security violations, such as using a "three-of-six" multi-signature scheme with all three keys stored on a single laptop.
Consequences for the Industry
In May, THORChain developers confirmed a hack of their cross-chain protocol for $10 million, after which they suspended trading, liquidity pools, and other sensitive functions. On June 8, unknown attackers compromised the wallets of the Humanity Protocol project, causing damage of approximately $31 million. These incidents highlight the systemic vulnerability of even relatively mature protocols.
My professional commentary. The record number of hacks amid declining total damage is a troubling signal for the entire industry. It points not to a reduction in the threat, but to its fragmentation. Protocols rushing to market are increasingly neglecting fundamental security principles. Until TVL recovers, we will see a constant stream of small attacks that, in aggregate, could cause greater damage to the sector's reputation than a single giant exploit.