PeckShield data: crypto hack losses dropped to $75.9 million in June
7/3/2026, 07:00 AM • Евгения Слив

In June 2026, crypto hackers stole approximately $75.9 million across 40 major incidents, representing a 7.1% decrease from May's $81.7 million. The data comes from PeckShield in its monthly report. The largest incident of the month was the breach of Humanity Protocol: initial loss estimates stood at $31 million, but following an investigation the project team revised the figure closer to $36 million. Project founder Terence Kwok linked the incident to a compromised private key, while Quantstamp experts suggested that North Korean hackers might be behind the attack, pointing to several characteristic patterns in the method used. According to analysts, the stolen funds were laundered through Bitcoin, Solana, Hyperliquid, and BNB Chain, with some of the assets becoming mixed with funds tied to April's KelpDAO exploit, leading to speculation that the same group might be responsible for both attacks.
The second-largest incident of June was the Syscoin Bridge attack, with losses totaling $10 million. A validation mechanism flaw allowed the attacker to mint billions of unbacked SYS tokens without the corresponding burn, thereby breaking the bridge's balance. Also among the major breaches were an attack on an MEV bot linked to the address JaredFromSubway.eth ($7.5 million), as well as attacks on Secret Network, Polymarket users, SecondFi, and TESSERA, with losses ranging from $2.4 million to $4.67 million. PeckShield separately noted two attacks on Aztec's legacy infrastructure: Aztec Bridge losses were estimated at $2.16 million, and Aztec Connect at another $2.1 million, bringing the total to about $4 million. These were immutable contracts over which developers no longer have any control and cannot be paused, highlighting the risks of maintaining outdated infrastructure over the long term.
Other June incidents in the top 10 included the Taiko Bridge breach ($1.7 million), Token of Power ($1.58 million), Raydium ($1.34 million), and the LABUBU/OLPC pool on PancakeSwap ($1.1 million). Despite the monthly decline in losses, the broader context remains concerning: in the second quarter of 2026, the industry set an anti‑record with 83 hacking incidents, while cumulative damages for the three months totaled $755.3 million, according to Unfolded. This indicates that even as the average loss per attack decreases, the overall number of vulnerabilities and attack vectors remains high, requiring projects to pay increased attention to smart contract and infrastructure security.
