Best crypto insights delivered straight to your inbox.
- Q2 2026 has recorded a record 83 crypto security incidents, making it the most attack-heavy quarter on record.
- Total losses of about $775 million remain below past peak quarters.
- Hackers are increasingly exploiting abandoned or deprecated smart contracts that still hold funds, exposing a growing blind spot in crypto security.
The second quarter of 2026 will go down as the worst quarter on record when it comes to crypto security breaches, more than any three-month period, according to DeFiLlama data. As of June 22, around 83 incidents have been recorded, which is double the previous high for attack frequency.
However, the amount lost is still below the industry’s worst losses. The total value hacked is put at approximately $775 million for Q2; while it is high, it is still a fraction of some of the highs that occurred in certain quarters in previous years.
Crypto market intelligence platform Unfolded described the kind of exploits that constantly fed the bad news during the quarter, writing on X, “Rather than a few giga exploits, it’s been a constant stream of smaller attacks.”
The fourth quarter of 2020 still holds the dollar-loss record at $3.56 billion.
Which exploits account for the most damage that occurred in Q2?
The $293 million KelpDAO breach and $280 million Drift Protocol exploit together accounted for more than three-quarters of Q2’s total stolen funds.
Both incidents occurred in April, which CertiK confirmed as a record-setting month with around $651 million in total industry losses across 28 to 30 separate attacks.
Cross-chain bridge vulnerabilities were responsible for the costliest attacks. Bridge-related exploits accounted for an estimated $351 million in Q2 losses.
The LayerZero OFT bridge flaw behind the KelpDAO incident alone represented more than 38% of all funds stolen during the quarter.
Compromised administrator credentials and fake token price manipulation made up another 37% of losses. Private key theft accounted for about 5.7%.
What was the frequency of attacks on crypto projects month-on-month?
CertiK’s monthly reports show that 58 incidents occurred in April, 60 in May, and 25 in June so far, with over a week remaining, according to DefiLlama’s tracker.
May’s dollar losses came in far lower at $68.3 million across those 60 incidents, per CertiK, reinforcing the pattern of frequent but smaller breaches.
June has already produced several notable exploits, one of which is the Humanity Protocol breach, which lost $32 million to a private key compromise on June 8. Abandoned Aztec Connect smart contracts were exploited twice in the span of a week, with the first incident being a $2.19 million breach on June 14, followed by a separate $2 million drain on June 17, as Cryptopolitan documented.
Taiko confirmed on June 22 that attackers exploited its bridge verification mechanism for $1.7 million, with PeckShield estimating the loss, and Lookonchain tracking 1.99 million TAIKO tokens moved to MEXC.
Decentralized exchange Raydium lost $1.34 million to a fake LP mint attack on June 10.
Deprecated contracts are now a growing target for hackers
Smart contracts that development teams abandoned earlier are now making news again, but not for good reasons, as attackers seem to have turned their focus on them.
The back-to-back Aztec incidents hit products that had been deprecated in 2022 and 2023, with administrative controls renounced on-chain, leaving no mechanism for emergency patches, according to Aztec Labs.
Another attack that involved deprecated contracts was the one that saw $2.1 million leave a legacy vault linked to Thetanuts Finance on June 15.
Security researcher Blockful.eth flagged this emerging pattern on X, noting multiple exploits had hit “old contracts with millions of dollars sitting idle.”
What does this trend mean for the rest of 2026?
The cumulative losses in 2026, from January through the end of May, reached around $1.3 billion, according to CertiK. June’s incidents are adding to that total with the quarter still open.
The latest trend of lower-dollar attacks marks a change from earlier years, when a single bridge exploit or exchange breach could account for billions.
Frequent attacks now target admin access, bridge infrastructure, and abandoned code, unlike what used to be the occasional catastrophic event in the past.
However, response capabilities have improved, with the KelpDAO incident in April being a notable example. The Arbitrum Security Council froze $71 million of the KelpDAO attacker’s funds using emergency powers, as Cryptopolitan reported.
If you're reading this, you’re already ahead. Stay there with our newsletter.
FAQs
How many crypto hacks occurred in Q2 2026?
DefiLlama data analyzed by Unfolded shows approximately 83 separate exploits through June 22, 2026, making it the most-hacked quarter on record by incident count.
What were the largest crypto exploits in Q2 2026?
The two costliest incidents were the $293 million KelpDAO exploit, which targeted a LayerZero cross-chain bridge vulnerability, and the $280 million Drift Protocol breach, which involved social engineering by North Korea's Lazarus Group.
How much total crypto was stolen in Q2 2026?
Total Q2 2026 losses stand at approximately $746 million to $755 million, well below the $3.56 billion lost in Q4 2020 despite the record number of incidents.
Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
Hannah Collymore
Hannah is a writer and editor with nearly a decade of blog writing and event reporting experience in the crypto space. At Cryptopolitan, Hannah contributes to the news page, reporting and analyzing the latest developments in DeFi, RWA, crypto regulation, AI and frontier tech industries. She graduated from Arcadia university with a degree in Business Administration.
CRASH COURSE
- Which cryptocurrencies can make you money
- How to boost your security with a wallet (and which ones are actually worth using)
- Little-known investment strategies that the pros use
- How to get started investing in crypto (which exchanges to use, the best crypto to buy etc)