Crypto news

23.06.2026
00:20

The number of crypto project hacks has reached a record high, but the damage is smaller: the paradox of the second quarter of 2026

hack

The second quarter of 2026 went down in crypto industry history as the most "fruitful" in terms of the number of hacker attacks. Analysts recorded 83 incidents — an absolute record for all time. However, the total damage amounted to $755.3 million, significantly lower than the peak values of previous years.

The largest events of the period were the hack of the KelpDAO protocol for $293 million and the exploit of Drift Protocol, which cost $280 million. The cross-chain bridge segment was particularly affected: losses in this category reached $351 million. Of these, 38% were attributed to the incident involving the LayerZero OFT bridge, which is directly linked to the attack on KelpDAO. Another 37% of losses were caused by compromised administrative access and token price manipulation. Theft of private keys, contrary to expectations, accounted for only 5.66% of the total volume.

Despite the record number of attacks, the quarter was not the most expensive in terms of loss volume. The absolute record still belongs to the fourth quarter of 2020, when damage amounted to $3.56 billion. The decrease in the average cost per hack amid an increase in their number indicates structural changes in the ecosystem.

Experts attribute this dynamic to a decline in overall liquidity: the total value locked (TVL) fell from $164 billion to approximately $73 billion. It has become harder for projects to "accumulate" a large sum for a single massive attack, but vulnerabilities have increased. The gap between the speed of developing new protocols and the maturity of their security systems is evident. An example is cases where teams use a "three out of six" multisignature scheme but store three keys on a single laptop.

In May, THORChain developers confirmed a hack of the cross-chain protocol for $10 million, after which they suspended operations. And on June 8, unknown attackers compromised wallets associated with the Humanity Protocol project, causing damage of approximately $31 million.

My professional opinion: A record number of hacks with a decrease in average damage is an alarming signal. The industry is fragmenting into small but frequent attacks, indicating a systemic weakness in security at the infrastructure level. As long as teams skimp on audits and proper key management, hackers will continue to collect "tribute" from immature projects. The shift from single giant exploits to a "swarm" of small attacks requires the community not just to react, but to fundamentally rethink security standards.