Hacks have increased, but the damage is less: the crypto industry set a grim record in Q2 2026
The second quarter of 2026 went down in history as the most "fruitful" in terms of the number of attacks on crypto protocols. Analysts recorded 83 incidents — an absolute anti-record. However, the total amount of losses, amounting to $755.3 million, was far from the highest in the entire history of observations. This indicates a paradigm shift: hackers have moved from rare but devastating strikes to a constant stream of small and medium-sized attacks.
Key Incidents and Loss Structure
The largest events of the quarter were the hack of KelpDAO for $293 million and the exploit of Drift Protocol, with damages reaching $280 million. Looking at segments, cross-chain bridges proved to be the most vulnerable, accounting for $351 million in losses. Of this amount, 38% is related to the attack on the LayerZero OFT bridge, which analysts link to the KelpDAO incident. Another 37% of losses were caused by compromised administrative access and token price manipulations. Theft of private keys, contrary to popular belief, accounted for only 5.66% of the total volume.
Why So Many Hacks but Less Money?
The current anti-record in the number of attacks did not break the record in terms of value. The most expensive remains the fourth quarter of 2020 with losses of $3.56 billion. The explanation is simple and alarming: overall liquidity in the ecosystem has sharply decreased. The total TVL (Total Value Locked) fell from $164 billion to approximately $73 billion. Fewer funds mean fewer targets for large exploits, but more incentives for attackers to target any available pool.
The problem is exacerbated by the gap between the speed of protocol development and the maturity of their security systems. For example, I see projects that use a "3-of-6" multi-signature scheme but store three keys on a single laptop. This is not security, but an illusion of security. The industry must urgently reconsider its approaches to risk management, otherwise the constant stream of small hacks will become the new norm.
Consequences and Team Reactions
In May, THORChain developers confirmed a $10 million hack, after which the protocol was completely halted: trading, liquidity pool operations, and other critical functions became unavailable. In June, hackers compromised wallets associated with Humanity Protocol, causing $31 million in damages. These incidents show that even projects with established reputations are not immune to attacks, especially when it comes to complex cross-chain mechanisms.
My conclusion: We are witnessing not just a rise in the number of hacks, but a systemic security crisis in DeFi. Until teams begin implementing multi-layered protection and regular audits, and the community demands transparency in key management, this anti-record will be quickly broken.