Crypto news

23.06.2026
09:05

The number of hacks has reached a record high, but less was stolen: the paradox of the second quarter of 2026

hack

The second quarter of 2026 will go down in crypto industry history as the most "fruitful" in terms of the number of attacks — analysts recorded 83 successful protocol hacks. This is an absolute anti-record for the entire observation period. However, the paradox is that the total damage amounted to "only" $755.3 million — an impressive figure, but far from a record.

The key trend of the quarter is not isolated giant exploits, but a continuous stream of medium and small incidents. If earlier we observed single "bombs" worth hundreds of millions, now hackers operate fractionally, methodically cleaning out vulnerable spots. The largest attacks were the KelpDAO hack for $293 million and the Drift Protocol exploit for $280 million. Interestingly, 38% of all losses occurred in the cross-chain bridge segment, with the lion's share coming from the LayerZero OFT bridge incident related to the KelpDAO attack. Another 37% of losses were caused by compromised administrative access and token price manipulations. Private key theft, contrary to expectations, accounted for only 5.66% — this indicates that attackers are increasingly targeting smart contract logic rather than user wallets.

In terms of loss volume, the current quarter did not even enter the top three. The record still belongs to the fourth quarter of 2020 with a figure of $3.56 billion — at that time, the market was experiencing the aftermath of the FTX hack and a number of major DeFi projects.

The decrease in total damage amid an increase in the number of attacks is a symptom of a deeper problem. The total value locked (TVL) in protocols has decreased from $164 billion to approximately $73 billion. Simply put, there is less liquidity in the ecosystem to steal. But this is not reassuring: the gap between the speed of implementing new features and the maturity of risk management systems is becoming critical. A striking example is projects using a "three out of six" multisignature scheme but storing three keys on one laptop. This is not negligence, but a systemic error that will repeat until teams reconsider their approaches to security.

In May, THORChain developers confirmed a $10 million hack, after which the protocol was temporarily halted. And on June 8, unknown attackers compromised Humanity Protocol wallets, causing damages of about $31 million. These incidents are just the tip of the iceberg.

My view as an analyst: We are witnessing a paradigm shift — hackers are adapting faster than protocols are implementing protection. While the market chases TVL and new features, security remains the "Cinderella" at the ball. If the trend continues, the third quarter could break records not only in the number of hacks but also in damages — as soon as liquidity returns.