The crypto industry set an anti-record for the number of hacks in the second quarter of 2026.

The second quarter of 2026 became the most "fruitful" for hacker attacks in the history of the crypto industry: analysts recorded 83 incidents — an absolute record in terms of quantity. The total damage from these hacks reached $755.3 million, which, however, is not a record in terms of value.
The largest losses came from the hack of the KelpDAO protocol — $293 million, and the Drift Protocol exploit for $280 million. In the cross-chain bridge segment, damage amounted to $351 million, with 38% of this sum attributed to the incident involving the LayerZero OFT bridge, which was linked to the attack on KelpDAO. Another 37% of losses in this sector were caused by compromised administrative access and token price manipulations. Private key theft, contrary to popular belief, accounted for only 5.66% of total losses.
Paradox: less liquidity — more attacks
Despite the record number of hacks, this quarter falls short of the fourth quarter of 2020 in terms of loss volume, when damage amounted to $3.56 billion. This dynamic is explained by a fundamental shift in the ecosystem. The total value locked (TVL) decreased from $164 billion to approximately $73 billion, leading to a reduction in "liquidity available for attack." However, this did not stop attackers: they switched to smaller-scale but more frequent targets.
The key problem, in my opinion, is the gap between the pace of protocol development and the maturity of their risk management systems. Many projects use "three out of six" multi-signature schemes but store three keys on a single laptop. This is not security, but an illusion of security.
Case studies: THORChain and Humanity Protocol
In May, THORChain developers confirmed a $10 million hack of the cross-chain protocol, after which they suspended the service's operations, including trading and liquidity pool activities. And on June 8, unknown attackers compromised wallets associated with the Humanity Protocol project, causing $31 million in damage.
My analysis: The current situation resembles an "arms race": the number of attacks is growing, but their average cost is falling. This indicates that hackers are adapting to new realities, while the industry has yet to develop a systemic response. Without the implementation of security standards at the protocol level and mandatory audits by independent experts, we risk seeing even higher figures in the next quarter.