TL;DR:
- Crypto market hacks totaled $75.9 million across 40 incidents in June, down 7.1% from the $81.7 million recorded in May.
- Humanity Protocol topped the list with a $31 million loss according to PeckShield, though the project’s own investigation raised that figure to $36 million.
- So far in 2026, hacks have already generated $750 million in losses, driven by two North Korea-linked attacks carried out in April.
Hacks targeting crypto protocols and projects totaled $75.9 million in losses during June 2026, spread across 40 major incidents, according to a report by blockchain security firm PeckShield. The recorded figure represents a 7.1% drop compared to the $81.7 million logged in May, though it does not signal any structural improvement in the ecosystem.
The largest attack of the month was the exploit on Humanity Protocol, which according to PeckShield’s count reached $31 million. Onchain analyst Specter was the first to report, on June 9, that wallets linked to the project had been drained. The protocol’s internal investigation later raised the figure to $36 million. Protocol founder Terence Kwok attributed the hack to the leak of a private key.
#PeckShieldAlert In June 2026, the crypto space experienced 40 major hacks, resulting in total losses of $75.87M — a 7.13% month-over-month decrease from May ($81.7M).
Both #Aztec Bridge & #Aztec Connect were targeted within the same month, with combined losses of ~$4M.
The… pic.twitter.com/C9Na7EN422
— PeckShieldAlert (@PeckShieldAlert) July 1, 2026
Even the Hackers Became Victims
The second most costly hack was that of Syscoin Bridge, which lost $10 million due to a validation flaw that allowed an attacker to mint billions of SYS tokens without backing and without the corresponding burn process. Third place went to an unusual case: a bot associated with the address JaredFromSubway.eth, known for executing MEV sandwich attacks, was exploited and lost $7.5 million, turning the predator itself into a victim.
Secret Network, Polymarket users, SecondFi, and TESSERA were also involved in the month’s most significant attacks. Individual losses ranged between $2.4 and $4.67 million. The legacy infrastructure of Aztec was also hacked twice: PeckShield detected $2.16 million in losses at Aztec Bridge and another $2.1 million from Aztec Connect. Both are immutable contracts that the Aztec Foundation declared it no longer controls or can pause, eliminating any possibility of recovering funds.
One Actor Behind Multiple Attacks
PeckShield warned that the Humanity Protocol exploit laundered the stolen funds through Bitcoin, Solana, Hyperliquid, and BNB Chain. Part of the money was mixed with funds linked to the attack on Kelp DAO. The firm noted that this pattern suggests a single actor could be behind both attacks.
According to blockchain intelligence firm TRM Labs, hacks carried out in 2026 have already surpassed $750 million in losses, driven almost entirely by two attacks executed in April and attributed to groups linked to North Korea: the exploit on Drift Protocol for $285 million on April 1, and the draining of Kelp DAO‘s LayerZero bridge for $292 million on the 18th of the same month.






