Q2 2026: Nearly 70 Crypto Hacks Drain $746M

Security trackers logged nearly 70 crypto hacks in the second quarter of 2026 that together removed about $746 million from blockchain platforms.

April accounted for roughly 30 incidents and more than $625 million in losses. Two incidents dominated that month: Drift Protocol lost $285 million on April 1 and KelpDAO lost $293 million on April 18, together representing about 93% of April outflows. The remaining April incidents were mostly under $5 million, with many below $1 million.

May recorded roughly 14 decentralized finance protocols hit, about eight of which involved cross‑chain bridges, with combined losses near $28 million.

The first quarter of 2026 saw about $169 million stolen across 34 protocols. By the end of May, cumulative DeFi losses for the year exceeded $840 million across more than 50 incidents. Over the same five-month span in 2025 there were about 30 incidents, a roughly 70% increase in frequency.

Two recurring vulnerabilities were evident. Cross‑chain bridges, which lock assets on one network and issue equivalents on another, exposed pooled funds when flaws were found. Separately, attackers increasingly targeted private keys through phishing and social engineering to gain access to accounts and operational systems rather than relying only on smart‑contract bugs.

Over the past decade, reported crypto hacks have surpassed $17 billion. Data tracked this quarter show a move away from a few very large exploits toward many smaller attacks. Defillama analysts wrote, “Rather than a few giga exploits, it’s been a constant stream of smaller attacks.”

Auditors reported the sector is experiencing nearly one successful attack per day. Investigations into many Q2 incidents remain active, and recoveries or new attributions could change the final loss totals.

Market actors and security teams have focused on improving key management, tightening bridge controls and strengthening incident response in reaction to the pattern of frequent, lower‑value attacks.