There have been more hacks, but less stolen: Q2 2026 sets an anti-record in the number of attacks

The second quarter of 2026 went down in crypto industry history as the most "populated" in terms of the number of hacks. Analysts recorded 83 incidents — an absolute record for the entire observation period. However, the total damage, amounting to $755.3 million, was far from the highest. This is a paradox that requires deep analysis.
Small Attacks Instead of Major Exploits
The key trend of the quarter is the fragmentation of attacks. Instead of one or two giant hacks, as was the case in the past, we are seeing a constant stream of small and medium-sized incidents. According to DeFiLlama data, the largest were the KelpDAO hack at $293 million and the Drift Protocol exploit at $280 million. Interestingly, in the cross-chain bridge segment, damage reached $351 million, with 38% of that amount attributed to the LayerZero OFT bridge incident, directly linked to the KelpDAO attack. Another 37% of losses in this segment were caused by compromised administrative access and token price manipulation. Private key theft, contrary to expectations, accounted for only 5.66%.
Why Isn't the Damage Breaking Records?
The record for the volume of losses is still held by the fourth quarter of 2020 — $3.56 billion. The decrease in total damage amid a rise in the number of attacks is an alarming signal, not about financial losses, but about the state of the ecosystem. As experts note, total liquidity in DeFi has dropped from $164 billion to approximately $73 billion. Simply put, there is less for hackers to "take." However, this is not reassuring: the increase in the number of incidents points to a systemic problem — the gap between the speed of protocol development and the maturity of their security systems. A striking example is projects using a "three out of six" multi-signature scheme but storing all three keys on a single laptop. This is not negligence, but a fundamental flaw in security architecture.
Specific Cases: THORChain and Humanity Protocol
In May, THORChain developers confirmed a $10 million hack of the cross-chain protocol. After the incident, the team paused the protocol's operation, blocking trading options and liquidity pool operations. And on June 8, unknown parties compromised wallets associated with the Humanity Protocol project, causing damage of approximately $31 million. These incidents are just the tip of the iceberg, demonstrating that even established protocols are vulnerable.
My expert opinion: We are witnessing a paradigm shift. Previously, hackers hunted for large "whales" — pools with billion-dollar liquidity. Now they have switched to "schools of fish" — many small but poorly protected protocols. The industry urgently needs security standards, not a race for TVL. Otherwise, the next quarter could not only break the record for the number of attacks but also bring us back to loss levels of 2020.