The crypto industry set an anti-record for the number of hacks in the second quarter of 2026.

The second quarter of 2026 became the most "fruitful" for cyberattacks in the history of the crypto industry. Analysts recorded 83 incidents — an absolute record for the number of hacks in a single quarter. However, the total damage, amounting to $755.3 million, was significantly lower than historical highs.
The largest attacks were the hack of the KelpDAO protocol for $293 million and the Drift Protocol exploit, which cost $280 million. The cross-chain bridge segment was particularly affected: losses here reached $351 million. Of this amount, 38% came from the incident involving the LayerZero OFT bridge, which is linked to the attack on KelpDAO. Another 37% of losses were caused by compromised administrative access and token price manipulation. In contrast, private key theft accounted for only 5.66% of total losses.
Notably, in terms of loss volume, the current quarter was not the most expensive. The record still belongs to the fourth quarter of 2020, when damage amounted to $3.56 billion. However, the frequency of attacks is a serious cause for concern.
The increase in the number of incidents amid a decrease in total damage is associated with reduced liquidity in the ecosystem. The total value locked (TVL) fell from $164 billion to approximately $73 billion. This means it has become more difficult for attackers to carry out large-scale strikes, but they compensate for this with a higher number of small attacks. Additionally, there is a gap between the pace of protocol development and the maturity of their risk management systems. For example, some projects use a "three out of six" multisignature scheme but store three keys on a single laptop — a gross security error.
In May, THORChain developers confirmed a $10 million hack of the cross-chain protocol, after which the service was suspended. And on June 8, attackers compromised the wallets of the Humanity Protocol project, causing $31 million in damage.
Expert opinion: A record number of hacks with relatively modest damage is an alarming signal for the industry. It indicates that hackers are adapting to new conditions, shifting from "high-profile" attacks to mass but less noticeable incidents. Projects urgently need to review their security practices, especially regarding key storage and access management. Otherwise, the trend toward an increase in the number of small hacks could escalate into a new wave of large losses.