Crypto news

01.07.2026
22:59

Losses from crypto hacks in June decreased to $75.9 million — expert analysis

In June 2026, the crypto industry faced 40 major incidents, resulting in hackers stealing approximately $75.9 million. This is 7.1% less than in May ($81.7 million), indicating some stabilization of the situation, but the overall trend of DeFi protocol vulnerability remains alarming.

Largest Attacks of the Month

The most significant episode was the hack of Humanity Protocol, with damages estimated at $31 million. After an internal investigation, the protocol team adjusted the figure to $36 million. The project's founder linked the incident to a compromised private key, and Quantstamp experts identified characteristic signs pointing to the possible involvement of North Korean hacker groups. This is not the first time attacks on crypto projects have been linked to state actors — such incidents are becoming increasingly systemic.

The second largest attack was the exploitation of the Syscoin Bridge, where losses amounted to $10 million. An error in the validation mechanism allowed the attacker to mint billions of unbacked SYS tokens without corresponding burning. This is a classic example of a vulnerability in cross-chain infrastructure, which remains the Achilles' heel of many networks.

Other Notable Incidents

Among the notable June attacks was the hack of an MEV bot associated with the address JaredFromSubway.eth, for $7.5 million. Also included in the list were incidents with Secret Network ($4.67 million), Polymarket, SecondFi, and TESSERA, where losses ranged from $2.4 million to $4.67 million. Of particular note are two attacks on the outdated Aztec infrastructure: the combined damage from exploiting the Aztec Bridge and Aztec Connect bridges amounted to about $4 million. These contracts were immutable, which deprived developers of the ability to stop the attack.

The top 10 June incidents also include hacks of Taiko Bridge ($1.7 million), Token of Power ($1.58 million), Raydium ($1.34 million), and the LABUBU/OLPC pool on PancakeSwap ($1.1 million).

Analysis and Conclusions

According to analysts, funds stolen from Humanity Protocol were laundered through Bitcoin, Solana, Hyperliquid, and BNB Chain. Some assets were mixed with money from the April KelpDAO exploit, indicating a possible connection between these attacks. This confirms the hypothesis that the same organized groups are behind many hacks.

It is worth noting that in the second quarter of 2026, the industry set an anti-record for the number of hacks — 83 incidents, with total damages reaching $755.3 million. Although June statistics show a decline, this is more of a temporary respite than a sustainable trend. The main risks are still associated with outdated infrastructure, key compromise, and insufficient smart contract auditing. As a professional, I recommend that projects prioritize security at the development stage, rather than after an incident.