2 hours ago
764
The second quarter of 2026 witnessed an alarming rise in security breaches within the cryptocurrency sector, marking it as the worst quarter for crypto security to date. With DeFiLlama data revealing 83 incidents by June 22, this period has surpassed previous records for such breaches. This surge in attacks creates a volatile environment that continues to challenge digital asset platforms and their security frameworks.
How Do The Losses Compare to Past Incidents?
In total, around $775 million was stolen during this quarter. While this amount is undoubtedly significant, it does not reach the catastrophic heights of the fourth quarter of 2020, when the losses soared to $3.56 billion. The impact of these breaches is felt across the industry as companies strive to bolster their defenses against an increasing number of threats.
Which Events Were Most Significant?
Two significant events were primarily responsible for the quarter’s staggering losses. KelpDAO and Drift Protocol suffered massive hits, losing $293 million and $280 million, respectively. Together, these incidents accounted for more than three-quarters of the total quarterly losses, underscoring the vulnerabilities that persist in high-value projects.
Cross-chain bridge vulnerabilities emerged as the primary vectors of these attacks, with breaches leading to an estimated $351 million in losses. Key contributors to these attacks included compromised admin credentials, manipulation of token prices, and theft of private keys, which alone accounted for approximately 5.7% of the total damages.
- Cross-chain bridge vulnerabilities resulted in $351 million in losses.
- KelpDAO’s $293 million theft made up about 38% of total losses.
- Admin credential compromises contributed to 37% of breaches.
- Bridge-related thefts were the most costly attack category.
Monthly analysis from CertiK highlighted a steady stream of incidents across April, May, and June. Although May tallied the highest number of incidents at 60, the month experienced a comparatively lower financial impact due to more minor breaches. This pattern points to a shift towards frequent small-scale attacks, reducing the monetary impact while increasing the number of security challenges that entities face.
Incidents in June emphasized this trend, with significant losses coming from attacks on Humanity Protocol and deprecated Aztec Connect smart contracts. Additionally, issues with the Taiko bridge and Raydium exchange further exemplified the diverse attack vectors currently utilizing vulnerabilities in the sector.
Outdated and deprecated smart contracts in the crypto space are becoming notable targets for attackers seeking out overlooked flaws. Hackers exploited vulnerabilities in old contracts tied to enterprises like Aztec Labs, where outdated contracts had administrative controls stripped, thus making them susceptible to more devastating exploits.
Throughout 2026, cumulative crypto losses have highlighted an industry needing more robust security measures. With an increasing emphasis on admin access and neglected digital infrastructures, digital asset platforms must revamp their strategies to combat an evolving threat landscape.
English (US)