The crypto industry has set a new anti-record for the number of hacks in the second quarter of 2026.

The second quarter of 2026 set a historic anti-record for the crypto industry in terms of the number of hacks. Analysts recorded 83 incidents — the highest figure in the entire history of observations. The total damage from these attacks amounted to $755.3 million, which, however, is significantly lower than the record sums of previous years.
The most large-scale attacks were the hack of the KelpDAO protocol for $293 million and the Drift Protocol exploit, which caused losses of $280 million. In the cross-chain bridge segment, losses reached $351 million, with 38% of this amount attributed to the incident involving the LayerZero OFT bridge, which was linked to the attack on KelpDAO. Another 37% of the damage came from compromised administrative access and token price manipulation. Theft of private keys, on the other hand, accounted for a relatively small share — only 5.66%.
Despite the record number of incidents, this period was not the most expensive in terms of losses. The record for the cost of hacks still belongs to the fourth quarter of 2020, when damage amounted to $3.56 billion. This paradox is explained by a decrease in overall liquidity within the ecosystem: the total value locked (TVL) fell from $164 billion to approximately $73 billion.
Experts attribute the increase in the number of attacks to the gap between the pace of protocol development and the maturity of their risk management systems. For example, some projects use a "three out of six" multi-signature scheme but store three keys on a single laptop, negating all security. In May, THORChain developers confirmed a $10 million hack of the cross-chain protocol, after which the platform's operations were suspended. And on June 8, unknown attackers compromised the wallets of the Humanity Protocol project, causing damage of approximately $31 million.
My analysis: The current situation is a warning signal for the entire industry. The increase in the number of attacks amid declining overall liquidity indicates that attackers have shifted from large-scale targets to smaller but numerous projects that often neglect basic security principles. The market urgently needs standardization of risk management practices, otherwise we risk seeing even more dire records in the future.