Crypto Attacks: The second quarter of 2026 has gone down in the history of the cryptocurrency market by the number of attacks. Hackers stole hundreds of millions of dollars during this period, and so-called cross-chain bridges once again proved to be the most frequent target. For the average investor, however, this doesn’t mean that cryptocurrencies as such are failing. Rather, it’s a reminder that as the market grows, users’ security habits must grow as well.
The second quarter of 2026 hasn’t even fully closed yet, and according to available data, it already ranks among the most significant security milestones in the history of the cryptocurrency sector. An analysis by the Unfolded platform, based on DefiLlama data, reports 83 incidents targeting cryptocurrency protocols. In total, attackers made off with $755.3 million. However, it’s important to note that this is a record by the number of incidents, not by the total amount stolen. The largest financial losses remain associated with the fourth quarter of 2020, when $3.56 billion was stolen from cryptocurrency projects.
Table of Contents:
Biggest Attacks Hit KelpDAO and Drift Protocol
The largest incidents of the second quarter were the KelpDAO hack at $293 million and the Drift Protocol exploit at $280 million. These two cases alone accounted for a substantial portion of total losses. At the same time, they demonstrated that today’s risks in crypto aren’t always as straightforward as the public often imagines. It’s not just about “broken code” or a single faulty smart contract. Increasingly, attacks target surrounding infrastructure, access permissions, authentication mechanisms, or operational processes.
The KelpDAO case is telling in this regard. According to Chainalysis analysis, this wasn’t primarily a classic smart contract bug, but a sophisticated attack on off-chain infrastructure that provided cross-chain verification. According to Chainalysis, attackers compromised internal RPC nodes and forced the verification layer to accept false data as valid. On the blockchain, transactions appeared correct externally, yet they led to the release of funds based on non-existent token burns on the source network.
Cross-Chain Bridges Remain a Weak Point
The biggest source of losses in the second quarter were so-called cross-chain bridges. These allow assets to be moved between different blockchains, for example between Ethereum and other networks. They’re convenient for users and important for the development of the cryptocurrency market because they connect otherwise separate ecosystems. From a security perspective, however, they have long been among the most sensitive parts of the infrastructure.
Attacks on bridge protocols alone caused losses of $351 million in the second quarter according to available data. The LayerZero OFT bridge exploit, which led to the KelpDAO hack, alone accounted for more than 38 percent of the value stolen during the monitored period. Another significant category were attacks through compromised administrator access and price manipulation with fake tokens, which together accounted for 37 percent of losses. Private key compromises made up 5.66 percent.
In practice, this means that risk often doesn’t arise with Bitcoin or Ethereum itself, but with services that connect to the cryptocurrency world. The more complex the product, the more places where human factors, operational security, or technical settings can fail.
You Might Be Interested: Interview with Lucien Bourdon from Trezor
Other Incidents Show the Breadth of the Problem
KelpDAO and Drift Protocol weren’t the only cases. Ethereum layer-2 network Taiko lost $1.7 million after attackers compromised the chain state verification mechanism at one of the bridge protocols. Other significant incidents include $36 million stolen from Humanity Protocol on June 8 and a THORChain exploit for $10.7 million on May 15. Two attacks on abandoned Aztec Connect smart contracts and the loss of $1.3 million from decentralized exchange Raydium in early June were also mentioned.
Abandoned or long-unmaintained contracts are particularly attractive targets for attackers. Users may still access them through old links, wallets, or third-party interfaces, even though the original project is no longer actively operating. This is one reason why people shouldn’t approve transactions automatically and should regularly check which applications they’ve given access to their tokens.
The Problem Isn’t Crypto, But the Speed of Development
According to Dmytro Tarasiuk from risk platform CORE3 and security rating platform CER.live, the lower total loss amount may also be related to the decline in value locked in DeFi. According to his statement, this decreased from $164 billion before the October liquidation event to approximately $73 billion at the time of publication.
However, Tarasiuk pointed to another problem. According to him, some protocols are rebuilding and expanding faster than their risk management can mature. In extreme cases, a project may declare multi-signature security, but actually hold the keys in a way that weakens the entire solution.
Also Read: Monero – The Cryptocurrency That Protects Your Financial Privacy
Artificial Intelligence Enters the Game
Artificial intelligence has also been added to the cryptocurrency security debate in recent months. Mitchell Amador, head of bug bounty platform Immunefi, stated in an interview with Cointelegraph that new AI models have shifted the cybersecurity landscape in favor of attackers. He described the situation as a “vulnerability apocalypse,” a period when attackers can use new tools to find and exploit vulnerabilities faster. According to DefiLlama data, hacking accelerated significantly in April 2026, with over $634 million disappearing from cryptocurrency platforms that month.
But even here, there’s no reason for simple panic. The same technologies that can help attackers can gradually strengthen defense as well. AI may in the future speed up code audits, detection of suspicious transactions, or monitoring of cross-chain bridges. However, according to experts, this is now a critical period when security teams, protocols, and users themselves must work more carefully than before.
How the Average User Can Protect Themselves
For the average investor, this leads to several practical conclusions. There’s no need to give up on cryptocurrencies, but it’s sensible to think about where and how to hold them. The larger portion of long-term holdings shouldn’t sit in random DeFi protocols or services that the user doesn’t understand. For more significant amounts, it makes sense to use a hardware wallet, protect the seed phrase offline, and never enter it into web forms.
Special caution is warranted with bridge protocols. Cross-chain transfers can be useful, but they’re among the more technically complex operations. If a user uses a bridge, they should prefer established services, avoid transferring unnecessarily high amounts at once, and first try a smaller test transaction. Equally important is regularly revoking old wallet permissions and not leaving applications with unlimited access to tokens.
Caution also pays off with projects that promise unusually high yields. In crypto, a simple rule still applies: the more complex the product and the higher the promised return, the more important it is to ask where the return comes from and what risks the user is taking on. Audits, bug bounty programs, transparent teams, and clear communication about security incidents should be a basic minimum, not a marketing bonus.
You Might Like: Bitcoin Waits for the Fed
