Crypto-related thefts declined in June after several months of heavy losses, although attackers continued targeting blockchain projects through private key compromises and bridge vulnerabilities. Blockchain security firm PeckShield reported about $75.9 million stolen across 40 major incidents, marking a 7.1% decrease from May's $81.7 million.
Even so, the monthly decline did little to slow the year's overall losses. Data from blockchain intelligence firm TRM Labs showed crypto hacks and exploits have already cost the industry more than $750 million in 2026, with two large attacks recorded earlier this year accounting for a major share of that total.
Humanity Protocol recorded the biggest security breach during June. PeckShield estimated the exploit at about $31 million, while the project's internal investigation later placed losses closer to $36 million. According to the project, attackers gained access after compromising a private key linked to the protocol's bridge administration.
Founder Terence Kwok said the breach resulted from a compromised private key. Humanity Protocol also stated that attackers accessed bridge administration on Ethereum and BNB Chain after compromising a developer's laptop. The project said the incident allowed hackers to drain wallets and mint about 447 million H tokens. Reports also stated that the exploit triggered an 80% to 90% decline in the token's market price. Humanity Protocol added that it is preparing a recovery plan, including a possible 1:1 token airdrop for affected users. Meanwhile, reports linked the attack to North Korea's Lazarus Group, although investigations remain ongoing.
Kwok said, "The breach resulted from a compromised private key." The company also confirmed that the recovery process remains under development while investigators continue tracing the stolen assets.
Beyond Humanity Protocol, several blockchain projects also suffered large losses during June. PeckShield reported that Syscoin Bridge lost about $10 million after attackers exploited a validation flaw that allowed billions of unsupported SYS tokens to be minted without the required token burn.
A bot associated with the address JaredFromSubway. eth also lost about $7.5 million after being targeted by another exploit. Other affected platforms included Secret Network, Polymarket users, SecondFi and TESSERA, with reported losses ranging between $2.4 million and $4.67 million.
Meanwhile, Aztec's deprecated infrastructure was exploited twice during the month. PeckShield tracked approximately $2.16 million stolen from Aztec Bridge and another $2.1 million from Aztec Connect. According to the Aztec Foundation, both immutable contracts are no longer under its control and cannot be paused. Combined losses reached about $4 million.
The remaining projects in PeckShield's top ten included Taiko Bridge, Token of Power, Raydium and LABUBU/OLPC, with each incident resulting in losses exceeding $1 million.
Although June recorded a lower monthly total, overall crypto losses during 2026 remain elevated. TRM Labs estimated that hackers have already stolen more than $750 million this year. According to the firm, two attacks linked to North Korea accounted for much of those losses.
On April 1, Drift Protocol lost about $285 million after attackers reportedly spent months using social engineering tactics against governance signers. Later, on April 18, Kelp DAO's LayerZero bridge lost approximately $292 million after attackers compromised its verifier network.
Meanwhile, PeckShield reported that the Humanity Protocol exploiter has moved stolen assets across Bitcoin, Solana, Hyperliquid, and BNB Chain. The firm also found that some funds were mixed with assets connected to the separate Kelp DAO exploit. PeckShield said this pattern ‘raises the possibility the same threat actor is behind both attacks,’ though no final attribution has been confirmed.
Also Read: April 2026 Crypto Hacks Hit $606M in 18 Days Across DeFi Platforms