DeFiLlama reported crypto sector set new quarterly record with 83 security breaches and $775 million stolen in Q2 2026

According to DeFiLlama data, the second quarter of 2026 marked the worst three-month period on record for crypto security. As of June 22, approximately 83 security breaches were reported in the sector, doubling the previous quarterly high for attacks in the industry.Total losses remain high, but below historical peakTwo incidents accounted for most of the damagesHigh frequency of attacks spread across monthsDeprecated contracts become new targets Total losses remain high, but below historical peakThe total value stolen throughout the quarter was estimated at around $775 million. While this figure is substantial, it still falls below the catastrophic losses seen in some previous quarters. The all-time dollar-loss record remains $3.56 billion from the fourth quarter of 2020.Unfolded, a crypto market intelligence provider, emphasized that this negative trend was driven not by a handful of large-scale incidents, but rather by a relentless sequence of smaller breaches throughout the quarter.Unfolded, known for compiling data and insights on the crypto market, highlighted that the challenging landscape this quarter was shaped by frequent, smaller-scale attacks rather than a few major hacks. The persistent flow of minor incidents created a heightened sense of insecurity within the sector.Two incidents accounted for most of the damagesThe majority of Q2’s losses stemmed from just two major events: KelpDAO suffered a $293 million theft and Drift Protocol was hit for $280 million. These two breaches alone made up over three-quarters of the total funds stolen during the period. Both attacks occurred in April. CertiK confirmed that the month saw record losses for the industry with $651 million stolen across 28 to 30 separate attacks.Mini glossary: A cross-chain bridge is an infrastructure enabling asset transfers between different blockchain networks. OFT (Omnichain Fungible Token) is a standard used in the LayerZero ecosystem, allowing tokens to function seamlessly across multiple blockchains.IncidentLossShare of period totalKelpDAO$293 millionAbout 38%Drift Protocol$280 millionSignificant shareBridge-related attacks$351 millionLargest loss categoryCross-chain bridge vulnerabilities topped the list as the most costly attack vector. In the second quarter, breaches associated with these bridges led to around $351 million in thefts. The LayerZero OFT bridge exploited in the KelpDAO case alone accounted for more than 38% of the quarter’s losses. Compromised admin credentials and fake token price manipulations contributed 37% of damages, while private key theft was responsible for roughly 5.7% of losses.High frequency of attacks spread across monthsMonthly reports from CertiK show 58 incidents in April, 60 in May, and 25 in June so far. Despite more than a week remaining in June, the string of breaches has continued. While May registered the highest number of cases at 60, total losses for that month were just $68.3 million, confirming a trend toward more frequent but less costly hacks.June also saw significant events: On June 8, $32 million was stolen from Humanity Protocol due to a private key compromise. Aztec Connect’s deprecated smart contracts were targeted twice in one week—$2.19 million was stolen on June 14, followed by another $2 million loss on June 17. Meanwhile, Taiko confirmed on June 22 that its bridge validation mechanism was exploited for $1.7 million. On June 10, decentralized exchange Raydium lost $1.34 million in a counterfeit LP mint attack.Aztec Labs clarified that administrative privileges on discontinued products (retired in 2022 and 2023) had been renounced on-chain, leaving no emergency patch mechanism in place.Deprecated contracts become new targetsSmart contracts that development teams had previously abandoned are now being revisited, not for technical upgrades, but because of lingering security flaws. The Aztec incidents underscored that even long-dormant products remain attractive targets for hackers.In a similar episode, an old vault linked to Thetanuts Finance was drained of $2.1 million on June 15. Security researcher Blockful.eth emphasized that multiple attacks have targeted dormant contracts housing millions in stagnant funds.CertiK figures show that total accumulated crypto losses from January through the end of May 2026 reached approximately $1.3 billion, with June’s incidents adding to this sum. The data reveal a shift from the massive, single-point bridge or exchange hacks of past years, toward more frequent breaches targeting admin access, bridge infrastructure, and abandoned codebases.Disclaimer: The information contained in this article does not constitute investment advice. Investors should be aware that cryptocurrencies carry high volatility and therefore risk, and should conduct their own research.