Crypto news

22.06.2026
23:15

The number of crypto project hacks has reached a record high, but the damage has decreased: the paradox of the second quarter of 2026

hack

The second quarter of 2026 went down in crypto industry history as the most "hacked" period: 83 protocol incidents were recorded — an absolute anti-record in terms of the number of attacks. However, the total damage amounted to "only" $755.3 million, significantly lower than the peak values of previous years.

Small Attacks Instead of "Whale" Exploits

The key trend of the quarter is the fragmentation of threats. Instead of a few giant hacks, as was the case before, we are seeing a stream of medium and small attacks. The two largest incidents — the KelpDAO hack for $293 million and the Drift Protocol exploit for $280 million — together account for more than 75% of all losses. The remaining 81 attacks involved amounts that collectively accounted for only a quarter of the total damage.

The cross-chain bridge segment remains the most vulnerable: $351 million in losses, of which 38% came from the LayerZero OFT bridge incident linked to the KelpDAO attack. Another 37% of losses were caused by compromised administrative access and token price manipulation. Private key theft, contrary to stereotypes, accounted for only 5.66%.

Why Are There More Hacks but Less Money?

The paradox is explained by simple economics: overall liquidity in the ecosystem has sharply declined. TVL (total value locked) fell from $164 billion to approximately $73 billion. There is simply less for attackers to target. However, this is no reason for optimism — the increase in the number of incidents points to a systemic problem.

As one security expert noted, the gap between the speed of deploying new protocols and the maturity of their risk management systems is becoming critical. A striking example is projects using a "three-of-six" multi-signature scheme but storing three keys on a single laptop. This is not negligence but a fundamental flaw in security culture.

High-Profile Incidents of the Quarter

In May, developers of THORChain confirmed a hack of the cross-chain protocol for $10 million, after which the service was suspended. On June 8, unknown attackers compromised Humanity Protocol wallets, causing damage of approximately $31 million.

Analyst's Perspective

The record for the cost of hacks is still held by the fourth quarter of 2020 — $3.56 billion. However, the current dynamics are more alarming: 83 incidents in three months is not a coincidence but a new standard. The industry must realize that security is not an option but a basic requirement for survival. As long as projects chase TVL and speed to market, hackers will continue to reap the rewards of their shortcomings.