The second quarter of 2026 broke an anti-record for the number of hacker attacks on crypto projects: 83 incidents in three months

Analysts recorded 83 crypto protocol hacks in the second quarter of 2026 — an absolute record for the number of incidents in the history of observations. The total damage amounted to $755.3 million. Although this period was not the most costly in terms of losses, the frequency of attacks is causing serious concern.
The largest attacks were the KelpDAO hack for $293 million and the Drift Protocol exploit for $280 million. In the cross-chain bridge segment, damage reached $351 million, with 38% of that amount attributed to the incident involving the LayerZero OFT bridge, which is linked to the KelpDAO attack. Another 37% of losses came from admin access compromises and token price manipulations. Theft of private keys accounted for a smaller share — 5.66%.
The record for the cost of hacks is still held by the fourth quarter of 2020 — $3.56 billion. However, the current situation shows a worrying trend: the number of attacks is increasing, while total damage is decreasing. This is due to the fact that there is less liquidity in the ecosystem to attack. The total value locked (TVL) has dropped from $164 billion to approximately $73 billion.
The gap between the pace of protocol development and the maturity of their risk management systems is becoming critical. Some projects use a "three out of six" multisignature scheme but store three keys on a single laptop. This is blatant negligence in the face of a growing threat.
In May, THORChain developers confirmed a $10 million hack of the cross-chain protocol, after which they suspended the protocol's operation. The trading option, liquidity pool operations, and other "sensitive" actions became unavailable. On June 8, unknown attackers compromised wallets associated with the Humanity Protocol project, with damage estimated at approximately $31 million.
My analysis: The increase in the number of attacks amid a decrease in total damage points to a fragmentation of threats. Hackers have shifted from "giga-exploits" to small but frequent attacks, making defense even more challenging. The industry urgently needs to rethink its approaches to security, otherwise we risk facing a wave of incidents that could undermine trust in decentralized finance.