Crypto news

22.06.2026
20:30

The number of hacks has reached a record high, but less has been stolen: the paradox of the second quarter of 2026

hack

The second quarter of 2026 set an absolute anti-record for the number of hacker attacks on crypto protocols. Analysts recorded 83 incidents—the highest figure in the entire history of observations. However, the total damage of $755.3 million was far from a record. This points to a fundamental shift in the cyber threat landscape: we are seeing not isolated "giga-exploits," but a constant stream of small and medium-sized attacks that fragment risks without reducing their frequency.

Key Incidents of the Quarter

The largest attacks were the hack of the KelpDAO protocol for $293 million and the Drift Protocol exploit for $280 million. These two incidents account for over 75% of the total damage. Notably, in the cross-chain bridge segment, losses reached $351 million, of which 38% came from the attack on the LayerZero OFT bridge, directly linked to the KelpDAO hack. Another 37% of the damage resulted from compromised administrative keys and token price manipulations. Private key theft, contrary to popular belief, accounted for only 5.66% of the total.

Why So Many Hacks but Little Money?

The paradox is simple to explain: overall liquidity in DeFi has sharply declined. By my estimates, the total TVL (Total Value Locked) dropped from $164 billion to approximately $73 billion. This means hackers simply have less to attack on the same scale as before. But the problem runs deeper: the gap between the speed of deploying new protocols and the maturity of their security systems remains critical. A prime example is projects using a "three out of six" multisignature scheme but storing three keys on a single laptop. This is not negligence—it is a systemic failure in risk management.

Security as a Weak Link

In May, the THORChain team confirmed a $10 million hack of a cross-chain protocol, after which it suspended operations. And on June 8, unknown attackers compromised Humanity Protocol wallets, stealing about $31 million. These incidents are just the tip of the iceberg. They show that even with a decline in the total value of assets under protocol management, vulnerabilities remain, and hackers are actively exploiting them.

My conclusion: The market is entering an era of "quiet erosion" of security. The number of attacks will continue to rise until protocol teams rethink their approach to auditing and key management. For now, investors should be especially cautious with projects that have a high rate of updates and a low level of technical maturity.