The second quarter of 2026 broke a grim record: 83 crypto protocol hacks, but the damage is lower than peak levels.

The second quarter of 2026 became the most "record-breaking" in terms of the number of attacks on crypto protocols in history. Analysts recorded 83 incidents — an absolute maximum. However, the total damage, amounting to $755.3 million, was significantly lower than previous peaks. This indicates a shift in the nature of threats: instead of rare but massive exploits, we are seeing a continuous stream of small and medium-sized attacks.
Key Incidents and Damage Distribution
The largest attacks of the quarter were the KelpDAO hack for $293 million and the Drift Protocol exploit for $280 million. The cross-chain bridge segment accounted for $351 million, of which 38% was the LayerZero OFT bridge incident, which experts link to the KelpDAO attack. Another 37% of losses were caused by compromised administrative access and token price manipulation. Private key theft, contrary to popular belief, accounted for only 5.66% of the total damage.
Why Are Attacks Increasing While Damage Is Not?
At first glance, it is a paradox: a record number of hacks, but not record damage. However, the explanation is obvious. As I have repeatedly emphasized in my previous analyses, the cryptocurrency market is experiencing a phase of liquidity compression. The total value locked (TVL) has decreased from $164 billion to approximately $73 billion. Less liquidity means fewer "fat" targets for hackers.
Additionally, there is a troubling gap between the speed of developing new protocols and the maturity of their risk management systems. A typical example: projects use a "three out of six" multi-signature scheme but store three keys on a single laptop. This is not security; it is an illusion of security.
Specific Cases: THORChain and Humanity Protocol
In May, THORChain developers confirmed a $10 million hack of the cross-chain protocol, after which the service was suspended. On June 8, unknown attackers compromised wallets associated with the Humanity Protocol project, causing $31 million in damage. These incidents are just the tip of the iceberg, demonstrating that no protocol, even one with an established reputation, is immune.
Expert Opinion
My conclusion: the market is entering an era of "security hygiene." Until protocol teams stop cutting corners on audits, multi-signatures, and cold storage, we will see not record damage, but record numbers of incidents. This is no less alarming a signal — it undermines trust in the industry in the long term.