Crypto news

23.06.2026
03:25

The number of hacks has increased, but the damage is less: the second quarter of 2026 set an anti-record for the number of attacks

hack

The second quarter of 2026 went down in crypto industry history as the most "fruitful" for hacks: analysts recorded 83 incidents — an absolute record in terms of the number of attacks ever observed. However, the total damage amounted to "only" $755.3 million, significantly lower than the peak values of previous years. This paradoxical dynamic points to fundamental changes in the structure of threats and the state of the market.

Top Attacks: Two Giants and a Stream of "Minor" Exploits

The largest incidents of the quarter were the hack of the KelpDAO protocol for $293 million and the Drift Protocol exploit, which cost the project $280 million. Interestingly, the cross-chain bridge segment suffered particularly heavily: losses in this category reached $351 million. Meanwhile, 38% of this amount came from the attack on the LayerZero OFT bridge, which, as it turned out, was directly linked to the incident surrounding KelpDAO. Another 37% of losses in this sector were caused by compromised administrative access and token price manipulation. Private key theft, contrary to expectations, accounted for only 5.66% of total losses.

Why Are There More Attacks, But Less Damage?

At first glance, the increase in the number of hacks alongside a decrease in total damage may seem contradictory. However, this is a direct reflection of the current market state. The total value locked (TVL) in DeFi has shrunk from $164 billion to approximately $73 billion. Simply put, there is less "loot" for hackers. Instead of a few giant exploits, as in the fourth quarter of 2020 (a record $3.56 billion), we are seeing a continuous stream of smaller but more numerous attacks.

The key issue, in my opinion, is the gap between the speed of deploying new protocols and the maturity of their security systems. Many projects still use primitive risk management schemes. For example, a "three-of-six" multi-signature scheme loses all meaning if all three keys are stored on a single developer's laptop. This is not a technology issue, but a security culture issue, which in the industry still leaves much to be desired.

High-Profile Incidents: THORChain and Humanity Protocol

In May, the THORChain team confirmed a $10 million hack of the cross-chain protocol, after which they were forced to suspend operations: trading, liquidity pool operations, and other "sensitive" functions became unavailable. And on June 8, attackers compromised wallets associated with Humanity Protocol, stealing approximately $31 million. These cases only confirm the general trend: vulnerabilities exist everywhere, and no project is immune to attacks.

My conclusion: The record number of hacks is a worrying signal, but not a catastrophe. It speaks not to a rise in hacker "genius," but to the systemic immaturity of many protocols. Until the industry shifts from a race for TVL and launch speed to fundamental security audits and decentralized risk management, we will see more and more such "records," but with smaller damage figures. This is not a victory for security, but a temporary lull against a backdrop of low liquidity.