June Crypto Hack Report: Losses Drop to $75.9 Million, but North Korean Trail Remains
June 2026 showed a noticeable decline in crypto hacker activity: 40 major incidents were recorded during the month, with total stolen funds amounting to $75.9 million. This is 7.1% less than in May ($81.7 million), which may indicate a temporary lull or a shift in attackers' focus to other targets.
The largest attack of the month was the hack of the Humanity Protocol, with damages initially estimated at $31 million but later revised to $36 million. Project founder Terence Kwok linked the incident to a compromised private key. Notably, Quantstamp experts identified characteristic signs pointing to the possible involvement of North Korean hackers — a group known for its methodical approach and focus on DeFi protocols.
The second largest loss was the attack on the Syscoin Bridge, resulting in a loss of $10 million. The cause was an error in the validation mechanism, which allowed the attacker to mint billions of unbacked SYS tokens without burning the original assets. This is a classic example of a vulnerability in cross-chain infrastructure, which remains one of the weakest links in the ecosystem.
Among other significant incidents, the hack of an MEV bot associated with the address JaredFromSubway.eth for $7.5 million stands out. Also in the top 10 were attacks on Secret Network ($4.67 million), Polymarket ($4.4 million), SecondFi ($4.2 million), and TESSERA ($2.4 million). Two hacks of outdated Aztec Bridge and Aztec Connect contracts deserve special attention, with combined damages of about $4 million. These contracts were immutable, which deprived developers of the ability to stop the attack — a lesson for those who neglect updating legacy infrastructure.
Analysis of the movement of stolen funds showed that Humanity Protocol assets were laundered through Bitcoin, Solana, Hyperliquid, and BNB Chain. Part of the funds was mixed with assets stolen during the April KelpDAO exploit ($293 million), suggesting a possible common operator for both attacks.
My comment: The decline in total damages in June should not be reassuring — the second quarter of 2026 has already set an anti-record for the number of hacks (83 incidents), with total damages for this period amounting to $755.3 million. We are not seeing a weakening of the threat, but its evolution: hackers are becoming more selective, choosing targets with high liquidity and complex architecture. Projects need to strengthen audits specifically of cross-chain bridges and outdated smart contracts — these are the most vulnerable points in the current paradigm.