In June 2026, hackers stole nearly $76M across 40 crypto project hacks. We break down PeckShield’s latest report.
In the first month of summer 2026, crypto platforms lost about $75.87M across 40 hacking attacks. According to cybersecurity firm PeckShield, that’s 7.13% lower than May’s losses.
Hot topic: Bitcoin ETF Inflows Hit Worst Month Ever With $4.5B Outflows
The most common attack vectors were crypto bridge vulnerabilities, smart contract flaws, and compromised private keys. The biggest loss came from the Humanity Protocol attack, where hackers stole more than $30M.
Since the start of 2026, the industry has lost more than $750M, with the bulk coming from two April hacks–Drift Protocol and KelpDAO.
Contents
Humanity Protocol, Syscoin Bridge, and MEV Bot: June’s Biggest Attacks
The Humanity Protocol hack was the month’s largest incident. Hackers gained access to private keys stored on a developer’s malware-infected computer. The stolen funds were moved across multiple networks, including Bitcoin (BTC), Solana (SOL), Hyperliquid (HYPE), and BNB Chain (BNB).
Quantstamp noted that the attacker used tools and methods often associated with North Korean hacking groups. PeckShield also noted that the stolen assets were mixed with funds from the KelpDAO hack, “which may indicate a connection between the perpetrators of these two incidents.”
The second-largest hack was the Syscoin bridge exploit, with damages estimated at $10M. The attacker exploited a validation vulnerability and minted unauthorized SYS tokens without a corresponding burn. Well-known MEV bot JaredFromSubway.eth lost $7.5M in an exploit. Hackers also drained $4.67M from the Secret Network ecosystem.
Read more: What Is MEV? Sandwich Attacks Explained
Aztec and Some Other June Incidents
Two separate incidents targeted abandoned Aztec products. Hackers drained $2.16M from Aztec Payments and another $2.1M from Aztec Connect–totaling nearly $4M. Both services were officially shut down years ago, and Aztec Labs has no access to the affected systems and cannot update or pause them.
Polymarket users lost $3M in a phishing attack that injected a malicious script via a third-party provider. SecondFi and TESSERA lost a combined $2.4M. The Taiko bridge exploit rounded out the top ten at $1.7M. Other attacks included Token of Power ($1.58M), Raydium ($1.34M), and LABUBU/OLPC ($1.1M).
Learn more: Best Smart Wallets 2026 — Safe, Argent, Coinbase Smart Wallets Ranked for Security and Ease of Use
