Crypto Industry Loses Over $75 Million to 40 Attacks in June 2026
Crypto platforms lost $75.87 million across 40 hacks in June 2026, with Humanity Protocol's $30 million breach topping the list. PeckShield's report links the attack to North Korean hacking techniques and cross-chain laundering activity.
Blockchain security firm PeckShield has released its monthly threat report, revealing that crypto platforms collectively suffered $75.87 million in losses across 40 separate incidents throughout June 2026. The findings highlight persistent vulnerabilities in the sector, with cross-chain bridges, smart contract flaws, and stolen private keys continuing to serve as primary attack vectors.
The June total represents a 7.13% decrease compared to May 2026, when losses reached $81.7 million — a modest improvement that nonetheless signals the industry's ongoing struggle with security.
The single largest incident of the month involved Humanity Protocol, which accounted for more than $30 million in stolen funds. Investigators determined that attackers gained access to private keys that had been stored as backups on a developer machine compromised by malware. Security researchers at Quantstamp noted that the tools and methods employed in the attack closely resemble those linked to North Korean state-sponsored hacking groups. Following the theft, the stolen assets were laundered across multiple blockchain networks, including Bitcoin (BTC), Solana (SOL), Hyperliquid (HYPE), and BNB Chain. PeckShield also flagged that the laundered funds appear to have been mixed with assets tied to the KelpDAO exploiter, raising concerns about a possible connection between the two threat actors.
The second-largest breach involved Syscoin Bridge, where an attacker managed to mint unauthorized SYS tokens, resulting in a $10 million loss. A JaredFromSubway.eth Maximal Extractable Value (MEV) bot was subsequently drained for $7.5 million, and Secret Network suffered a $4.67 million theft.
Among the more unusual incidents were two attacks targeting products associated with Aztec — both of which had been officially retired years prior. Aztec Payments Product lost approximately $2.16 million, while Aztec Connect was drained for $2.1 million, bringing the combined Aztec-related losses close to $4.3 million. Aztec Labs stated publicly that it had no control over the affected systems, as both were immutable smart contracts that had been deprecated and sunset in 2022. The fact that these dormant contracts were still holding funds and remained exploitable highlights a growing risk: abandoned infrastructure continues to present real financial exposure long after development teams have moved on.
Additional losses in June included $3 million from Polymarket users who fell victim to a targeted phishing campaign. SecondFi and TESSERA together accounted for another $2.4 million in combined losses, while a Taiko Bridge exploit rounded out the top ten incidents with $1.7 million stolen.
June's attack landscape underscores several enduring challenges for the crypto ecosystem. Cross-chain laundering has become a standard tactic for sophisticated threat actors, making asset recovery increasingly difficult. Meanwhile, the targeting of deprecated contracts demonstrates that old code — even when no longer actively supported — can remain a liability for years. Security professionals continue to urge development teams to ensure that retired products are not only taken offline but also completely drained of any remaining assets to eliminate residual risk.


