According to DeFiLlama data, the second quarter of 2026 was the worst quarter on record for crypto security. As of June 22, approximately 83 security breaches were recorded. This number was nearly double the highest attack frequency previously seen.
Total losses remained high but below historical peaks
The total amount stolen during the quarter was estimated at approximately $775 million. Although this figure was high, it was below the heaviest losses the sector has seen in some quarters in the past. The record in dollar terms is maintained at 3.56 billion dollars in the fourth quarter of 2020.
Unfolded stated that the situation during the quarter was not determined by a few giant attacks, but by successive smaller breaches.
Crypto market intelligence platform Unfolded stated that the structure that fueled the negative picture during the quarter was not a few massive attacks, but rather repeated smaller-scale breaches. Unfolded is known as an analysis platform that compiles data and developments regarding the crypto market.
Two major events caused the greatest damage
The majority of the total loss in the second quarter was due to two events. There was a loss of $293 million in KelpDAO and $280 million in Drift Protocol. These two incidents alone accounted for more than three-quarters of the total funds stolen in the quarter.
Both attacks took place in April. CertiK confirmed this month as a record month, with total industry losses of approximately $651 million and 28 to 30 separate attacks.
Mini dictionary: Cross chain bridge refers to the bridge infrastructure that enables asset transfer between different blockchain networks. OFT, on the other hand, is the Omnichain Fungible Token standard used in the LayerZero ecosystem and aims to ensure that tokens work together across multiple networks.
| Event | Loss | Share during the period |
|---|---|---|
| KelpDAO | $293 million | About 38% |
| Drift Protocol | $280 million | Significant part of the total |
| Bridge based attacks | $351 million | Highest loss item |
One of the most costly attacks was inter-chain bridge vulnerabilities. It was estimated that bridge-related violations caused losses of approximately $351 million in the second quarter. The LayerZero OFT bridge vulnerability behind the KelpDAO incident alone represented more than 38% of stolen funds during the quarter. Admin access compromise and fake token price manipulation also accounted for 37% of the losses. The share of private key theft remained at approximately 5.7%.
Many attacks spread over months attracted attention
According to CertiK’s monthly reports, there have been 58 incidents in April, 60 in May and 25 so far in June. Even though there was more than a week left until the end of June, the flow of attacks continued. The total loss remained at $68.3 million despite 60 incidents in May, reinforcing the trend of more frequent but smaller-scale violations.
In June, Humanity Protocol lost $32 million due to a private key breach on June 8. Aztec Connect’s deprecated smart contracts were targeted twice within a week. The first incident resulted in a loss of $2.19 million on June 14, and the second incident resulted in a loss of $2 million on June 17. Taiko also confirmed on June 22 that its hyperlink authentication mechanism was used in a $1.7 million attack. The decentralized exchange Raydium lost $1.34 million due to a fake LP mint attack on June 10.
Aztec Labs stated that on-chain management powers were abandoned in products that were retired in 2022 and 2023, so there was no mechanism for emergency patching.
Deprecated contracts have become the new target
Smart contracts, which development teams had previously abandoned, have also come to the fore again. However, this time the reason was not technical progress but security vulnerabilities. The Aztec incidents showed that even products that have been inactive for a long time remain attractive targets for attackers.
In a similar incident, on June 15, $2.1 million was found in an old safe associated with Thetanuts Finance. Security researcher Blockful.eth highlighted that there have been multiple attacks on old contracts where millions of dollars are kept idle.
According to CertiK data, the total loss accumulated from January to the end of May in 2026 reached approximately 1.3 billion dollars. Events in June are also added to this total. The latest chart showed that, unlike the multibillion-dollar losses from a single massive bridge or exchange breach in years past, more frequent attacks targeted administrative access, bridge infrastructure, and abandoned code base.
