Crypto news

01.07.2026
20:59

The damage from crypto hacks in June decreased to $75.9 million: my detailed analysis

In June, the crypto industry lost approximately $75.9 million as a result of 40 major hacker attacks. This is 7.1% less than in May, when losses reached $81.7 million. The data confirms a positive trend of declining losses, but it is too early to relax — the structure of attacks is becoming increasingly sophisticated.

The largest incident of the month was the hack of Humanity Protocol, which resulted in losses of $31 million. The project team later clarified that the actual damage is closer to $36 million. Founder Terence Kwok stated that a private key was compromised. Quantstamp experts linked the attack to North Korean hackers — this is indicated by characteristic signs, including money laundering methods.

In second place is the attack on Syscoin Bridge with losses of $10 million. The attacker exploited an error in the validation mechanism, which allowed the issuance of billions of unbacked SYS tokens without burning the original assets. This is a classic example of a vulnerability in cross-chain bridges, which remain a primary target.

The third largest was the hack of an MEV bot associated with the address JaredFromSubway.eth — $7.5 million. This case highlights the risks associated with automated maximum extractable value strategies.

The list of significant June incidents also includes attacks on Secret Network ($4.67 million), Polymarket, SecondFi, and TESSERA, where losses ranged from $2.4 million to $4.67 million. Two hacks of the outdated Aztec infrastructure deserve special attention: Aztec Bridge ($2.16 million) and Aztec Connect ($2.1 million). Developers cannot stop these contracts or update them — they were immutable.

The top 10 also includes Taiko Bridge ($1.7 million), Token of Power ($1.58 million), Raydium ($1.34 million), and the LABUBU/OLPC pool on PancakeSwap ($1.1 million).

My analysis: According to PeckShield, the funds stolen from Humanity Protocol were laundered through Bitcoin, Solana, Hyperliquid, and BNB Chain. Part of the assets mixed with money from the April KelpDAO exploit. This suggests that the same actor may be behind both attacks. In the second quarter of 2026, the industry set an anti-record for the number of hacks — 83 incidents totaling $755.3 million. The trend of declining losses in June is a good sign, but it does not negate the systemic security issues with DeFi and bridges.

Expert opinion: The decline in losses in June is more of a statistical fluctuation than a sustainable trend. The main threats remain the same: vulnerabilities in smart contracts and attacks on private keys. I advise project teams to conduct code audits at least once a quarter and implement multi-factor protection mechanisms for critical contracts.