Q2 2026 Sets All-Time High for DeFi Hack Count With ~70 Exploits, $746M Stolen

The second quarter of 2026 set a new benchmark for DeFi security breaches, not by the size of a single hack but by sheer volume. DefiLlama recorded about 70 distinct exploits across April, May and early June, doubling the previous quarterly record. While the $746 million stolen is modest compared with the $1.4 billion Bybit breach of February 2025, the concentration of losses in April – $285 million from Drift Protocol and $293 million from KelpDAO – accounted for nearly all of the quarter’s dollar damage. This pattern illustrates a shift from headline‑grabbing mega‑exploits to a steady stream of smaller, yet frequent, attacks.

The data also reveals a pronounced concentration of risk in Ethereum‑centric protocols and bridge infrastructure. In May, 74% of the $84 million lost originated from Ethereum‑linked platforms, while bridge‑related incidents have already exceeded $328 million for the year. Attack vectors have evolved away from pure smart‑contract code bugs toward operational failures such as multisig tampering, address‑poisoning, and bridge message spoofing. For investors and custodians, this underscores the need to harden off‑chain processes, enforce stricter key‑management practices, and diversify exposure away from single points of failure.

Looking ahead, the rising incident count could dampen total value locked (TVL) recovery, as market participants factor heightened operational risk into capital allocation decisions. Industry players are responding with more aggressive bug‑bounty programs, formal verification of bridge contracts, and insurance products tailored to frequent, lower‑value losses. However, without coordinated standards for bridge security and infrastructure resilience, the DeFi sector may continue to see a high frequency of attacks that erode user confidence and slow mainstream adoption.