The crypto industry set an anti-record for the number of hacks: 83 incidents in a quarter, but the damage is more modest.

The second quarter of 2026 went down in crypto industry history as the most "hacked" period. Analysts recorded 83 attacks on protocols — an absolute record in terms of the number of incidents. However, the total damage of $755.3 million was significantly lower than the peak values of previous years.
The largest episodes were the hack of KelpDAO for $293 million and the exploit of Drift Protocol for $280 million. Both incidents occurred in the cross-chain bridge segment, where total losses reached $351 million. Notably, 38% of this amount is linked to the attack on the LayerZero OFT bridge, which experts directly associate with the KelpDAO hack. Another 37% came from compromised admin access and token price manipulation. Private key theft, contrary to expectations, accounted for only 5.66% of total losses.
Despite the record number of incidents, the second quarter of 2026 was not the most costly in terms of loss volume. The absolute leader in this regard is the fourth quarter of 2020, with damages of $3.56 billion. This trend is explained by fundamental changes in the ecosystem: the total value locked (TVL) decreased from $164 billion to approximately $73 billion. Simply put, attackers have less liquidity available to drain in one fell swoop.
The key problem, in my opinion, lies in the gap between the speed of protocol development and the maturity of their risk management systems. Many projects use "three out of six" multi-signature schemes but store three keys on a single laptop. This is not just negligence — it is a systemic risk that multiplies the number of small but frequent attacks.
In May, developers of THORChain confirmed a $10 million hack of the cross-chain protocol, after which they suspended the platform's operations, disabling trading, liquidity pool operations, and other sensitive functions. And on June 8, unknown attackers compromised wallets associated with Humanity Protocol, stealing approximately $31 million.
My comment: A record number of hacks with a decrease in average damage is an alarming signal. The industry is transitioning from an era of "big heists" to an era of "constant leaks." This indicates that protocol security is not keeping pace with their functional complexity. Until teams rethink their approach to risk management, we will witness not isolated disasters but a chronic "leakage" of funds.