Record number of hacks in the second quarter of 2026: the crypto industry faces a wave of small-scale attacks

The second quarter of 2026 will go down in crypto industry history as the period with the highest number of recorded hacks. Analysts counted 83 incidents, an absolute anti-record. The total damage from these attacks amounted to $755.3 million. Notably, despite the record number, the overall loss volume was significantly lower than the peak values of previous years.
The largest attacks were the hack of the KelpDAO protocol for $293 million and the Drift Protocol exploit for $280 million. In the cross-chain bridge segment, damage reached $351 million, with 38% of this amount attributed to the incident involving the LayerZero OFT bridge, which was linked to the attack on KelpDAO. Another 37% of losses were caused by compromised administrative access and token price manipulation. In contrast, private key theft accounted for a relatively small share — only 5.66%.
In terms of loss volume, this period was not the most expensive. The record for the cost of hacks is still held by the fourth quarter of 2020 — $3.56 billion. However, the current trend is concerning: the increase in the number of incidents alongside a decrease in total damage points to fundamental changes in the structure of attacks. Dmitry Tarasyuk, Product Director at CORE3 and CER.live, attributes this to a reduction in overall liquidity within the ecosystem: the total value locked (TVL) has dropped from $164 billion to approximately $73 billion. He also notes a gap between the pace of protocol development and the maturity of their risk management systems. As an example, he cites projects that use a "three out of six" multi-signature scheme but store three keys on a single laptop.
In May, THORChain developers confirmed a hack of the cross-chain protocol for $10 million, after which the team paused the protocol's operations by disabling trading options, liquidity pool operations, and other "sensitive" actions. On June 8, unknown parties compromised wallets associated with the Humanity Protocol project, causing damage of approximately $31 million.
Expert commentary: The current situation demonstrates that the crypto industry is transitioning from an era of isolated but large-scale exploits to an era of constant, smaller-scale attacks. This requires teams not only to strengthen technical defenses but also to implement stricter risk management procedures, especially in the areas of key storage and administration. Without this, we risk seeing even more alarming figures in the future.