The second quarter of 2026 set an anti-record for the number of hacks in the crypto industry: 83 incidents in three months

Analysts have recorded an alarming trend: in the second quarter of 2026, the number of crypto protocol hacks reached an all-time high of 83 incidents. This is an absolute anti-record in the entire history of observations. The total damage from these attacks amounted to $755.3 million.
Record in number, but not in loss volume
Despite the impressive number of attacks, this quarter was not the most expensive in terms of loss volume. The record for the cost of hacks still belongs to the fourth quarter of 2020, when damage reached $3.56 billion. However, the current situation demonstrates a paradigm shift: instead of a few large exploits, the market has faced a continuous stream of smaller but systematic attacks.
Major attacks and vulnerable segments
The most significant incidents were the hack of the KelpDAO protocol for $293 million and the Drift Protocol exploit for $280 million. The cross-chain bridge segment proved particularly vulnerable, accounting for $351 million in losses, of which 38% are related to the attack on the LayerZero OFT bridge, which, according to my data, was part of the KelpDAO hack. Another 37% of losses in this segment were caused by compromised administrative access and token price manipulation. Private key theft, contrary to expectations, accounted for only 5.66% of total damage.
Reasons for the increase in attacks
I attribute the rise in incidents with relatively low total damage to fundamental changes in the ecosystem. Total Value Locked (TVL) in DeFi has decreased from $164 billion to approximately $73 billion — this means less liquidity is available to attackers, but they have adapted by switching to more frequent but smaller-scale attacks.
The key problem is the gap between the pace of protocol development and the maturity of their risk management systems. For example, some projects use a "three out of six" multi-signature scheme but store three keys on one laptop. This is a gross mistake that makes protection nominal.
Consequences and reaction
After the hack of the cross-chain protocol THORChain for $10 million in May, the team was forced to suspend the protocol's operation, blocking trading options, liquidity pool operations, and other sensitive actions. In early June, attackers compromised wallets associated with Humanity Protocol, causing $31 million in damage.
My analysis: The current situation is a warning signal for the entire industry. The increase in attacks amid declining TVL indicates that hackers are actively exploiting vulnerabilities in protocol management and architecture. Until teams reconsider their security approaches and implement stricter key storage and access management procedures, we will continue to see a rise in incidents. Investors should be especially cautious when choosing protocols to interact with.