The crypto industry set an anti-record for the number of hacks in the second quarter of 2026.

The second quarter of 2026 was a nightmare for the security of decentralized protocols. Analysts recorded 83 successful hacks — an absolute record in terms of the number of incidents in the entire history of observations. According to my data, the total damage amounted to $755.3 million. However, despite the alarming statistics on the number of attacks, financial losses were far from the highest.
The largest targets for attackers were the KelpDAO protocol, which lost $293 million, and the Drift Protocol, from which $280 million was withdrawn. These two incidents together account for more than 75% of the quarter's total damage. The case with KelpDAO is particularly telling: the attack was carried out through the LayerZero OFT cross-chain bridge, leading to losses of $351 million in this segment. Compromised administrative keys and token price manipulation accounted for 37% of the losses, while private key theft, contrary to expectations, accounted for only 5.66%.

The paradox of the situation is that in terms of loss volume, the current quarter significantly lags behind the record of the fourth quarter of 2020, when damage amounted to $3.56 billion. Back then, several major exploits literally crashed the market, but now we are seeing a different trend: instead of isolated "giga-hacks," there is a constant stream of smaller but numerous attacks.
The key reason, in my opinion, lies in the decline of the ecosystem's overall liquidity. The total value locked (TVL) has decreased from $164 billion to approximately $73 billion. This means it has become harder for hackers to find "fat" targets, but they have adapted by switching to massive, yet less capital-intensive attacks. Additionally, a dangerous gap persists between the pace of protocol development and the maturity of their risk management systems. A clear example is projects using a "three out of six" multi-signature scheme but storing all three keys on a single laptop. This is not security, but sheer negligence.
In May, the THORChain team was forced to suspend the protocol's operation after a $10 million hack, and on June 8, unknown attackers compromised Humanity Protocol wallets, stealing about $31 million. These incidents only confirm the systemic nature of the problem.
Expert opinion from Cryptalist: The record number of hacks is a wake-up call for the entire industry. We are witnessing hackers shift from a "one big blow" strategy to a "thousand small cuts" tactic. This requires projects to fundamentally rethink their approaches to security: from a simple set of tools to the implementation of comprehensive risk management systems, including regular audits, insurance, and multi-factor key protection. Without this, the crypto ecosystem risks turning into a "Wild West" with a constantly growing number of victims.