Key Takeaways
- Defillama logged about 70 hacks during Q2 2026, roughly double the prior record for incident count.
- Despite the volume, the $746M stolen trails past peaks, signaling a shift to smaller, more frequent attacks.
- April 2026 alone saw 30 incidents and over $625M lost, led by the Drift Protocol exploit and KelpDAO breach.
A Record Built on Many Small Hits
The second quarter of 2026 is already the most-hacked quarter on record, tallying about 70 hacks, which is roughly twice the previous record for the number of incidents in a single quarter. Yet the total sum stolen, about $746 million, is a fraction of the peak reached in recent years. On the subject, Defillama analysts noted:
“Rather than a few giga exploits, it’s been a constant stream of smaller attacks.”
That pattern marks a departure from the mega-heists that defined earlier years, when a handful of nine-figure bridge and protocol exploits drove annual totals. Attackers seem to be spreading their efforts across many lower-value targets rather than chasing single, headline-grabbing scores (a strategy that is harder for the industry to track and defend against).
The quarter’s damage was front-loaded, with April being confirmed as crypto’s most-hacked month on record, with about 30 incidents and more than $625 million stolen. Two breaches dominated, namely Drift Protocol’s $285 million losses on April 1, and KelpDAO $293 hack on April 18 (together about 93% of April’s outflows). The remaining two dozen-plus incidents mostly came in under $5 million, many below $1 million.
The monthly pace stayed elevated through May as roughly 14 decentralized finance ( DeFi) protocols were hit during the month, of which about eight were bridge-related, with collective losses near $28 million. By the end of May, cumulative DeFi losses for 2026 had topped $840 million across more than 50 incidents in five months, versus about 30 over the same span in 2025, a roughly 70% year-over-year jump in frequency.
Bridges and Stolen Keys in Focus
The repeated break-ins pointed to two recurring weak spots. Cross-chain bridges, which lock assets on one network and mint equivalents on another, remained a favored target because a single flaw can expose pooled funds. Similarly, security analysts flagged a broader pivot from code exploits to key theft, as attackers increasingly used social engineering and phishing to capture private keys rather than hunt for smart-contract bugs.
That evolution has been visible over a longer horizon, given crypto hacks have topped $17 billion over the past decade, with the attack surface steadily moving from protocol code toward the humans and operational systems around it. The first quarter of 2026 had already set a grim baseline, with about $169 million stolen across 34 protocols.
With the quarter not even done, the final tally could climb further. Auditors warn the sector is running close to one attack per day, and the steady drip of mid-sized exploits keeps pressure on bridges, key management and incident response.
The data offers one sliver of relief, which is that smaller average losses suggest better segmentation of funds, even as the sheer number of successful attacks hits a record. Whether protocols can slow the cadence and not just cap the damage will define the rest of 2026.
Be the first to comment