Q2 2026 emerges as most-hacked quarter on record with 83 incidents

The second quarter of 2026 has already become the most-hacked quarter on record by incident count, with 83 exploits targeting cryptocurrency protocols, according to analysis by market insights platform Unfolded based on DefiLlama data.

However, the $755.3 million stolen during the quarter so far is significantly lower than the $3.56 billion lost in the fourth quarter of 2020, which remains the costliest quarter on record for crypto hacks.

KelpDAO’s $293 million hack and Drift Protocol’s $280 million exploit were the largest incidents of the quarter.

The figures suggest hacking activity is becoming more frequent, even as total losses remain below previous record levels.

Cryptocurrency hacks by monthly sum, all-time chart. Source: DefiLlama

The rising incident count and lower aggregate losses may reflect a smaller pool of value available to attackers, according to Dmytro Tarasiuk, product director at risk intelligence platform CORE3 and crypto security rating platform CER.live. He noted that total value locked in DeFi has fallen from $164 billion before the Oct. 10 liquidation event to about $73 billion at press time.

The industry’s most pressing vulnerability remains that protocols are re-engineered faster than their underlying risk management complexity, which often means that projects “declare a [three-of-six] multisig [and] store [three] keys on one laptop,” leading to more operational vulnerabilities, he told Cointelegraph.

Bridge exploits emerged as the leading attack vector in Q2 2026

Cross-chain bridge exploits emerged as the biggest attack vector of the quarter, with $351 million in value hacked from bridges alone.

The LayerZero OFT bridge exploit, which led to the $293 million KelpDAO hack, accounted for more than 38% of the value stolen during the quarter. Compromised admin attacks and fake token price manipulation accounted for 37% of losses, while private key compromises represented 5.66%.

Total hacked by technique in Q2 2026. Source: DefiLlama

Ethereum layer-2 blockchain Taiko was the latest network to suffer an exploit on one of its bridge protocols, as hackers stole $1.7 million by compromising Taiko’s chain state verification mechanism.

Related: Humanity Protocol’s $36M loss tied to suspected North Korean hackers: Quantstamp

Other notable incidents of the past quarter include the $36 million stolen from Humanity Protocol on June 8 and the $10.7 million exploit on THORChain on May 15.

Other recent incidents include two exploits on Aztec Connect’s abandoned smart contracts, each resulting in $2.1 million stolen and $1.3 million stolen from decentralized exchange Raydium earlier in June.

The incidents add to the ongoing debate about whether the development of new artificial intelligence models has reshaped the crypto industry's security landscape, concerns that arose from the series of exploits in April.

During a recent interview, Mitchell Amador, the CEO of bug bounty platform Immunefi, told Cointelegraph that the proliferation of new AI models has shifted the cybersecurity playing field in favor of attackers, causing a “vulnerability apocalypse” that led to the resurgence in exploits.

Magazine: Coinbase hack shows the law probably won’t protect you — Here’s why