Q2 2026 DeFi hacks hit record 70 exploits, $746M lost
Q2 2026 DeFi hacks have reached a record pace, with roughly 70 exploits and about $746 million in losses, according to DefiLlama data cited by multiple crypto outlets. The figure matters now because the quarter is not only one of the most damaging for DeFi in dollar terms, but also the most active on record by incident count.[1][3]
Key Metrics
- Roughly 70 DeFi exploits were logged in Q2 2026, making it the most-hacked quarter on record by incident count.[1][3]
- About $746 million was lost across those incidents, underscoring that the damage remained concentrated even as attacks became more frequent.[1][3]
- April was the worst month in the quarter, with major breaches driving most of the dollar losses and setting the pace for the rest of Q2.[1][3]
- The loss profile points to recurring operational and security failures, not just a single outlier event, which keeps key-management risk in focus.[1][5]
- The pace of incidents suggests DeFi’s attack surface remains broad, with recurring pressure on protocols, bridges and access controls.[3][11]
Subscribe to our Social Media for Exclusive Crypto News and Insights 24/7!
The latest tally was first highlighted in a June 12 update based on DefiLlama’s hacks database, which tracks exploits across the sector.[1][3] The data show a quarter defined by both scale and frequency: while the total dollar loss is large, the more notable development is the number of separate incidents.
Q2 2026 DeFi hacks: a record quarter for incident count
DefiLlama’s data indicate Q2 2026 became the most-hacked quarter in DeFi history by exploit count.[1][3] That matters for market participants because repeated incidents tend to weigh more on sentiment than isolated losses, particularly when they hit across multiple protocols and attack vectors.
April accounted for the heaviest damage in the quarter, with reporting around the DefiLlama data pointing to a cluster of large breaches that set the tone for the rest of Q2.[1][3] Later incidents added to the total without changing the broader pattern: a market facing persistent security failures rather than one-off shocks.
| Quarter metric | Verified figure | Market implication |
|---|---|---|
| DeFi exploits in Q2 2026 | ~70 | Record high by incident count, signaling broader attack frequency[1][3] |
| Losses in Q2 2026 | ~$746M | Large absolute losses, though below some single-quarter dollar peaks[1][3] |
| Worst month in Q2 | April 2026 | Heavy concentration of losses early in the quarter[1][3] |
What the Q2 2026 DeFi hacks say about attack patterns
The incident mix suggests attackers continued to exploit recurring weaknesses in operational security, access management and infrastructure rather than relying on a single dominant flaw.[1][5] That is important because it makes the risk harder to isolate at the protocol level and more difficult to eliminate with one-off fixes.
In practical terms, this keeps pressure on protocols to improve key custody, permissions and incident response. It also reinforces a pattern market participants have been watching throughout 2026: the largest losses have often come from compromises around control, not only from code bugs.[5][11]
| Risk area | Evidence in the reporting | Why it matters |
|---|---|---|
| Operational failures | Repeated incidents across the quarter[1][5] | Raises the probability of continued exploit activity |
| Key compromise | Reporting points to access and credential issues as a recurring theme[5][11] | Increases exposure for protocols with weak controls |
| Infrastructure exposure | Bridges and related systems remain prominent targets[11] | Expands the blast radius when attacks succeed |
Why the DeFi hack count matters for markets
Analysts note that the record exploit count can matter as much as the headline dollar total because it can shape how users assess counterparty risk across DeFi.[1][3] In a market built on composability and rapid capital movement, repeated security failures can affect liquidity, trading activity and protocol adoption even when no single exploit threatens the broader ecosystem.
There is also a limitation in the data. The current figures are based on running incident tallies and can shift as late-reported losses are added or revisions are made.[1][3] That means the quarter’s final total may move, although the record-setting trend in exploit frequency is already established.
The downside scenario is straightforward: if the pace of attacks persists into the second half of the year, DeFi platforms could face heavier scrutiny from users, integrators and liquidity providers.[3][11] Interpretation based on available data, that would likely keep security and custody standards at the center of competitive positioning across the sector rather than allowing adoption to be driven by yield alone.
The main uncertainty is whether Q2 2026 marks a sustained change in attack intensity or a temporary spike driven by a small number of highly active threat actors.[1][5] For now, the clearest signal is that DeFi’s security problem has become more persistent, and that changes the risk profile for protocols competing for capital in the months ahead.
- https://whale-alert.io/stories/eec00163558fea/Q2-2026-DeFi-hack-count-hits-record-high-with-about-70-exploits-and-746M-stolen
- https://news.bitcoin.com/defillama-q2-2026-has-been-cryptos-most-hacked-quarter-on-record-with-nearly-70-exploits/
- https://www.spendnode.io/blog/defillama-q2-2026-most-hacked-quarter-record-june-2026/
- https://phemex.com/news/article/defi-exploits-double-in-q2-2026-746m-stolen-89211
- https://www.binance.com/en/square/post/333366359285586
- https://www.mexc.com/news/1065824
