The crypto industry set an anti-record for the number of hacks: 83 incidents in a quarter

The second quarter of 2026 will go down in crypto industry history as a period with a record number of attacks. Analysts recorded 83 crypto protocol hacks, an all-time high. The total damage from these incidents amounted to $755.3 million.
Major Attacks and Their Consequences
The most notable were the hack of the KelpDAO protocol for $293 million and the Drift Protocol exploit for $280 million. In the cross-chain bridge segment, damage reached $351 million, with 38% of that amount attributed to the incident involving the LayerZero OFT bridge, which was apparently part of the attack on KelpDAO. Another 37% of losses are related to compromised administrative access and token price manipulation. Private key theft, contrary to expectations, accounted for only 5.66% of the total.
Despite the record number of incidents, this quarter was not the most expensive in terms of losses. The unprecedented record for the cost of hacks is still held by the fourth quarter of 2020, when damage amounted to $3.56 billion. However, the current trend is a serious cause for concern.
Reasons for the Increase in Attacks
Dmitry Tarasyuk, Product Director at CORE3 and CER.live, explains this trend by a decrease in overall liquidity within the ecosystem. According to his estimates, the total value locked (TVL) has dropped from $164 billion to approximately $73 billion. This means it is becoming harder for attackers to find a single large target, so they are switching to smaller but more numerous attacks. Additionally, Tarasyuk points to a gap between the pace of protocol development and the maturity of their risk management systems. As an example, he cites projects that use a "three out of six" multi-signature scheme but store three keys on a single laptop — a blatant violation of basic security principles.
Recent Incidents
In May, THORChain developers confirmed a hack of the cross-chain protocol for $10 million, after which the protocol's operation was suspended. Trading options, liquidity pool operations, and other "sensitive" actions became unavailable. And on June 8, unknown parties compromised wallets associated with the Humanity Protocol project, causing damage of approximately $31 million.
My expert opinion: The current situation is a wake-up call for the entire industry. The increase in the number of attacks amid a decrease in total damage indicates that attackers have adapted to new conditions and are finding vulnerabilities in less secure protocols. Projects urgently need to reconsider their security approaches, especially in the areas of key management and administration, otherwise we risk seeing even more alarming statistics in the coming quarters.