The crypto industry set an anti-record: 83 hacks in a quarter, but losses are below historical peaks
The second quarter of 2026 went down in crypto industry history as the most "hacked" — analysts recorded 83 protocol incidents, an absolute record in terms of the number of attacks. However, the total damage amounted to $755.3 million, significantly lower than previous peaks in loss volume.
The largest attacks of the quarter were the hack of the KelpDAO protocol for $293 million and the Drift Protocol exploit for $280 million. The cross-chain bridge segment proved particularly vulnerable, accounting for $351 million in losses, 38% of which is linked to the LayerZero OFT bridge incident, which was apparently part of the KelpDAO attack. Another 37% of losses came from administrative access compromises and token price manipulations. Contrary to popular belief, private key theft accounted for only 5.66% of the total volume.
Despite the record number of incidents, this quarter was not the most expensive in terms of loss volume. The top spot still belongs to the fourth quarter of 2020, when damage reached $3.56 billion. This trend is explained by structural changes in the ecosystem: the total value locked (TVL) decreased from $164 billion to approximately $73 billion. As a result, attackers have access to less liquidity for their attacks. However, this does not make the situation less alarming — the increase in the number of incidents amid declining TVL points to a serious gap between the pace of protocol development and the maturity of their risk management systems. An example is projects that use a "three out of six" multi-signature scheme but store three keys on a single laptop.
In May, THORChain developers confirmed a $10 million hack of the cross-chain protocol, after which they temporarily suspended the platform, disabling trading, liquidity pool operations, and other sensitive functions. On June 8, unknown parties compromised wallets associated with the Humanity Protocol project, causing approximately $31 million in damage.
Expert commentary: A record number of attacks amid declining total damage is an alarming signal for the industry. It indicates that hackers are adapting faster than protocols are implementing adequate security measures. While projects chase functionality, they leave gaps that attackers exploit with increasing efficiency. Without a fundamental reassessment of security approaches, we risk not only seeing a rise in the number of incidents but also a return to record loss amounts.