The second quarter of 2026 has become the most-hacked period in cryptocurrency history, with roughly 70 separate exploits targeting decentralized finance (DeFi) protocols and draining approximately $746 million. While the dollar amount trails previous record-breaking years, the sheer volume of attacks represents a troubling new pattern: instead of a handful of massive breaches, the industry is now facing a relentless barrage of smaller, coordinated strikes.

What Made Q2 2026 So Vulnerable to Attacks?

The quarter's damage was heavily front-loaded, with April 2026 emerging as crypto's most-hacked month on record. During that single month, roughly 30 separate incidents resulted in more than $625 million in losses. Two breaches dominated April's tally: the Drift Protocol exploit on April 1, which cost $285 million, and the KelpDAO breach on April 18, which resulted in $293 million in losses. Together, these two incidents accounted for approximately 93 percent of April's total outflows.

The remaining two dozen-plus incidents that month were substantially smaller, with most falling under $5 million and many below $1 million. This pattern continued through May, when roughly 14 DeFi protocols were compromised, with about eight being bridge-related attacks. May's collective losses totaled near $28 million, keeping the quarterly pace elevated.

By the end of May, cumulative DeFi losses for 2026 had exceeded $840 million across more than 50 incidents in just five months. This represents a roughly 70 percent year-over-year jump in attack frequency compared to the same period in 2025, when approximately 30 incidents occurred.

Why Are Attackers Shifting to Smaller, More Frequent Exploits?

Security analysts have identified a fundamental shift in attacker strategy. Rather than pursuing single, headline-grabbing mega-heists, bad actors are now spreading their efforts across many lower-value targets. This approach is harder for the industry to track and defend against, creating a distributed threat surface that strains incident response teams across the ecosystem.

The repeated break-ins have exposed two recurring weak spots in DeFi infrastructure. Cross-chain bridges, which lock assets on one blockchain network and mint equivalent tokens on another, remain a favored target because a single vulnerability can expose pooled funds held across multiple chains. Additionally, security analysts flagged a broader pivot from code exploits to key theft, as attackers increasingly use social engineering and phishing tactics to capture private keys rather than hunt for smart-contract bugs.

This evolution reflects a longer-term trend in the crypto security landscape. Over the past decade, crypto hacks have topped $17 billion, with the attack surface steadily moving away from protocol code vulnerabilities toward the humans and operational systems surrounding it. The first quarter of 2026 had already set a grim baseline, with about $169 million stolen across 34 protocols.

How Can DeFi Protocols Reduce Their Attack Surface?

• Bridge Security: Implement multi-signature verification and time-locked mechanisms for cross-chain asset transfers to reduce the impact of a single vulnerability on pooled funds.
• Key Management: Deploy hardware wallet integration, multi-party computation (MPC) for key custody, and regular security audits to minimize the risk of private key theft through social engineering.
• Incident Response: Establish rapid response protocols and maintain redundant systems to detect and contain breaches before attackers can drain significant liquidity pools.

The data does offer one sliver of relief: the smaller average losses suggest better segmentation of funds across DeFi protocols, even as the sheer number of successful attacks hits a record high. Whether protocols can slow the cadence of attacks and not just cap the damage will define the rest of 2026.

With auditors warning that the sector is running close to one attack per day, the steady drip of mid-sized exploits continues to place pressure on bridges, key management systems, and incident response capabilities across the DeFi ecosystem. The quarter is not yet complete, and the final tally could climb further before June ends.