Q2 2026 emerges as most-hacked quarter on record with 83 incidents

Q2 2026 emerges as most-hacked quarter on record with 83 incidents

Crypto hackers stole $755 million across 83 cybersecurity incidents, as cross–chain bridges remained the most costly attack vector of the crypto industry.

The rising incident count and lower aggregate losses may reflect a smaller pool of value available to attackers, according to Dmytro Tarasiuk, product director at risk intelligence platform CORE3 and crypto security rating platform CER.live. He noted that total value locked in DeFi has fallen from $164 billion before the Oct. 10 liquidation event to about $73 billion at press time.

The industry’s most pressing vulnerability remains that protocols are re-engineered faster than their underlying risk management complexity, which often means that projects “declare a [three-of-six] multisig [and] store [three] keys on one laptop,” leading to more operational vulnerabilities, he told Cointelegraph.

Cross-chain bridge exploits lead attack vectors

Cross-chain bridge exploits emerged as the biggest attack vector of the quarter, with $351 million in value hacked from bridges alone. The LayerZero OFT bridge exploit, which led to the $293 million KelpDAO hack, accounted for more than 38% of the value stolen during the quarter.

Compromised admin attacks and fake token price manipulation accounted for 37% of losses, while private key compromises represented 5.66%.

Ethereum layer-2 blockchain Taiko was the latest network to suffer an exploit on one of its bridge protocols, as hackers stole $1.7 million by compromising Taiko’s chain state verification mechanism.

Other notable incidents

Other notable incidents of the past quarter include:

• $36 million stolen from Humanity Protocol on June 8
• $10.7 million exploit on THORChain on May 15
• Two exploits on Aztec Connect’s abandoned smart contracts, each resulting in $2.1 million stolen
• $1.3 million stolen from decentralized exchange Raydium earlier in June

Security landscape debate

The incidents add to the ongoing debate about whether the development of new artificial intelligence models has reshaped the crypto industry's security landscape, concerns that arose from the series of exploits in April.

During a recent interview, Mitchell Amador, the CEO of bug bounty platform Immunefi, told Cointelegraph that the proliferation of new AI models has shifted the cybersecurity playing field in favor of attackers, causing a “vulnerability apocalypse” that led to the resurgence in exploits.