Q2 2026 Is Already the Most-Hacked Crypto Quarter by Incident Count, Tracker Shows
DefiLlama’s public hacks tracker shows Q2 2026 is already the most-hacked quarter on record by number of incidents, even though the quarter is not over. As of June 12-13, the tracker indicated roughly 70 exploits and about $746 million in losses for the quarter, according to DefiLlama data cited by multiple outlets.
That makes Q2 a record for frequency, not necessarily for total dollars lost. The figures are a running tally in mid-June, with Q2 ending June 30, and both the incident count and loss estimates could change as cases are added or revised. Reporting based on DefiLlama’s data said the number of incidents has roughly doubled the previous quarterly record, while the dollar total is far more concentrated in a handful of large attacks.
Most of the money lost this quarter came early. DefiLlama-based reporting put April alone at roughly 28 to 30 incidents and more than $600 million to $635 million stolen. Two attacks accounted for the bulk of that damage.
The largest was the April 1 attack on Drift Protocol, a crypto trading platform, which the project said led to roughly $280 million to $295 million in user assets being taken. Drift later published an incident recovery update on April 16 outlining a recovery plan. The second was the April 18 exploit involving KelpDAO’s rsETH token and a LayerZero bridge connection, which resulted in the loss of about 116,500 rsETH, widely valued at roughly $290 million to $293 million. In a statement cited by CoinDesk on April 20, KelpDAO said, “Establishing a shared and accurate account of what happened is the foundation for making the right fixes together.”
The pattern behind the record count may be as important as the headline number. Across the quarter’s biggest incidents, post-mortems and forensic reviews pointed less to straightforward smart-contract coding mistakes and more to operational and infrastructure failures: compromised private keys, multisignature wallet breakdowns, validator or node compromises, and weaknesses in bridge or verifier setups.
More recent attacks suggest that trend did not stop with April’s outsized losses. Humanity Protocol said it was exploited on June 8, with project estimates putting losses at roughly $32 million to $36 million after a private-key compromise of a multisig, or multiple-signature, wallet. Reporting said the keys were likely stored on a single laptop that was compromised. THORChain, a cross-chain liquidity network, reported an incident on May 15, tied to a compromised validator or node, that drained roughly $10 million to $11 million from a vault.
That distinction matters for the broader crypto industry. Classic smart-contract exploits target bugs in code that runs on a blockchain. Many of this quarter’s highest-profile losses instead appear to have come from failures in the systems around that code: how keys are stored, how validators and infrastructure are secured, and how bridge connections are configured and monitored.
In other words, Q2’s record does not necessarily mean crypto software has become twice as flawed. It suggests attackers are increasingly succeeding at the weaker points outside the contract itself, where a stolen credential or compromised machine can do as much damage as a coding error.
The quarter is still not finished, so DefiLlama’s count may rise further before June 30. For historical scale, DefiLlama’s broader dataset puts the cumulative “Total Value Hacked (USD)” across tracked incidents at roughly $16.6 billion.