Q2 2026 Record Crypto Hack Wave

2025-09-01

Alleged start of multi-month Lazarus Group social engineering campaign against Drift Protocol contributors, with operatives posing as quantitative trading firm representatives at crypto conferences

2025-12-01

North Korean operatives formally onboard an Ecosystem Vault on Drift Protocol, depositing over $1 million to establish credibility; integration conversations begin

2026-02-01

Drift attack operatives begin distributing malicious Visual Studio Code projects and fake wallet applications via Apple TestFlight to targeted contributors

2026-03-12

U.S. Treasury OFAC designates six individuals and two entities for facilitating North Korean IT worker schemes that generated nearly $800 million in 2024

2026-04-01

Drift Protocol drained of approximately $285–295 million in approximately 12 minutes via zero-timelock governance migration and fabricated CarbonVote Token oracle manipulation; operatives delete all evidence immediately after execution

2026-04-18

KelpDAO bridge exploited for approximately $292–293 million at 17:35 UTC via compromised RPC nodes and DDoS attack forcing LayerZero's single-verifier configuration to rely on poisoned servers; contracts paused 46 minutes later

2026-04-20

LayerZero attributes KelpDAO exploit with preliminary confidence to North Korea's Lazarus Group and TraderTraitor subunit; places configuration responsibility on KelpDAO

2026-04-21

TRM Labs reports North Korean operators linked to Lazarus Group have drained over $575 million from DeFi across just two attacks in 18 days, representing 76% of all 2026 crypto hack losses through that date

2026-05-05

Drift Protocol outlines recovery plan for affected users: recovery tokens pegged at $1 per dollar of verified loss, backed by protocol assets, Tether support (up to $127.5 million), partner contributions (up to $20 million), and future exchange revenue

2026-05-05

KelpDAO publicly claims LayerZero had approved the single-verifier setup that was exploited, contradicting LayerZero's earlier statements

2026-05-09

LayerZero reverses its position and admits it 'made a mistake by allowing our DVN to act as a 1/1 DVN for high-value transactions'; announces migration to minimum 3-of-3 or 5-of-5 verifier configurations

2026-05-15

THORChain exploited for approximately $10.7–11 million across nine blockchain networks via alleged GG20 TSS vulnerability exploited by a newly churned node operator; automated halt triggers within minutes, freezing trading for approximately 13 hours

2026-06-09

Humanity Protocol suffers private key theft via phishing email impersonating Bithumb; attacker drains approximately 17 project wallets for $32–36 million; $H token crashes 80–90%

2026-06-25

Q2 2026 formally closes; multiple reports confirm 83 incidents and approximately $755.3 million in total losses, making it the most-hacked quarter on record by incident count