With three days left in the quarter, Q2 2026 has already logged 83 crypto hack incidents, the highest ever for a single quarter, and $755.3 million in losses, per Immunefi's Q2 2026 security report published June 27.
The record is about frequency. Crypto was hacked more than once a day on average from April 1 through June 27, even though the dollar total remains far below the all-time quarterly loss record.
Bridges took the largest losses
Cross-chain bridges absorbed the largest share. Bridge exploits reached $351 million, roughly 46% of Q2 losses, with two Lazarus Group attacks driving most of the total.
Drift Protocol lost $280 million on April 1. Seventeen days later, the same group's TraderTraitor unit took $293 million from KelpDAO on April 18 by compromising LayerZero's off-chain verification nodes and feeding the bridge falsified burn transactions.
Chainalysis attributed both attacks to North Korea's Lazarus Group. Together, the two incidents account for more than three-quarters of Q2's dollar total. The other 81 incidents averaged under $2.3 million each.
Immunefi CEO points to AI
Mitchell Amador, Immunefi's CEO, attributed the record frequency to a structural shift. AI models have created a "vulnerability apocalypse," he told CoinTelegraph, giving attackers an edge by making it easier to find vulnerabilities at scale than to audit and patch them.
That makes Q2's record different from a normal exploit cycle. Dollar losses were concentrated in two Lazarus-linked bridge attacks, but the incident count points to a broader change in how quickly attackers can search for weak code.
The dollar record still stands
The incident count is a record. The dollar figure is not. Q4 2020 remains the costliest quarter at $3.56 billion, when DeFi carried far larger TVL.
Q2 2026 shows the opposite pattern: more frequent hacks, smaller average losses, and a bridge sector still exposed to single compromises that can dominate an entire quarter's loss total.
