Crypto's Worst Quarter for Hacks Was Really About Scams

By SimpleSwap | SimpleSwap Blog | 2 hours ago


Q2 2026 set a record with 83 exploits and $755 million stolen. Strip out a couple of giant protocol breaches, though, and the real danger to an individual holder was never the code, but the con.

The numbers from last quarter read like an industry-wide security failure. Between April 1 and June 24, 2026, attackers carried out 83 separate exploits and made off with roughly $755 million, the highest number of incidents ever recorded in a single quarter. Cross-chain bridges absorbed the worst of it at $351 million.

Look closer at that dollar figure, though, and it bends around a handful of events. A breach of the LayerZero OFT bridge drained $293 million from KelpDAO, and a separate hit on Drift Protocol took another $280 million. Two incidents, in other words, account for more than $570 million of the $755 million stolen. Neither one touched an ordinary self-custody wallet.

The smaller attacks kept coming right up to the close. Hackers pulled $36 million from Humanity Protocol on June 8, with the security firm Quantstamp tracing the funds toward North Korean operators. The Taiko bridge lost $1.7 million to a compromised chain-verification mechanism, and THORChain gave up $10.7 million in mid-May. Then, a wallet-generation flaw at SecondFi, the Cardano service formerly known as Yoroi, opened losses that external analysts warned could reach roughly $20 million.

Read as a headline, this is the story of a market that cannot keep its money safe. Read against your own wallet, it is something else.

Source: CryptoRank https://x.com/CryptoRank_io/status/2069716397119111172/photo/1

Strip Out the Giants and the Picture Inverts

Take the giant protocol breaches out of the math, and the risk facing an everyday holder looks nothing like the headline. The money that leaves individual wallets tends to exit through a quieter door.

TRM Labs found that 76 per cent of 2025's losses came from infrastructure attacks, meaning keys and seed phrases extracted largely through social engineering. Code-level exploits accounted for just 12 per cent. Our partner, AMLBot, reached a similar conclusion from a different angle, attributing 65 per cent of the $11.36 billion in scam losses to social engineering rather than to any technical breach.

The biggest individual theft of 2026 makes the point on its own. At $282 million, it involved no code exploit at all. The victim was talked into surrendering a seed phrase to someone posing as Trezor support. The chain held. The person operating it did not.

The Con Has Scaled Faster Than the Code

Fixating on "the worst quarter for hacks" quietly points attention at the wrong threat. The growth in crypto crime is not in clever contract bugs. It is in impersonation, which Chainalysis clocked climbing 1,400 per cent.

That surge shows up everywhere an individual looks. A counterfeit Ledger Live app siphoned $9.5 million after slipping onto the App Store. Printed letters dressed up as official Ledger or Trezor mail now land in real mailboxes, each bearing a QR code linking to a lookalike site. Address poisoning has crossed 270 million attempts against more than 17 million wallets. The SecondFi breach already has a second act, with fraudsters posing as the project and pushing fake recovery tools at the very people who just lost funds.

Reading scam intent has become a core survival skill rather than an advanced one. SimpleSwap's guide on how to spot a crypto scam and stop it breaks down the signals behind each of these schemes, from address poisoning to fake support, along with the habits that stop them before they reach your keys.

What an Account Quietly Costs You

Here is where the custodial exchange model carries a hidden charge. A balance held by someone else, accessible via a login, is exactly what an impersonator needs to get to work. The fake "exchange support" chat, the "your account has been compromised, confirm your sign-in" email, the cloned 2FA prompt, the SIM-swap timed to intercept a one-time code: each of these relies on there being funds to seize and a custodian to impersonate.

Put plainly, a custodian is a target. Wherever a company holds your money and your credentials, there is a role worth impersonating and a sum worth chasing.

A Model With Nothing to Impersonate

This is the part of the threat a swap aggregator can actually design around. SimpleSwap is self-custodial and wallet-to-wallet, so it never holds a balance for you and never sits between you and your funds as a custodian. That strips out the targets a custodial platform creates: a support desk for someone to imitate and a pool of customer funds to drain. Your keys stay with you, and so does responsibility for the human layer that fraudsters now spend most of their energy attacking.

"Most of these losses never touch the protocol," says Stefan Lauer, Head of Infrastructure at SimpleSwap. "Someone sends a letter or spins up a fake support channel, and the person hands over the keys before any exploit is even attempted. When there is no account and no balance sitting on our side, that whole script has nothing to run against."

The record number of exploits last quarter is real, and so is the lesson beneath it: the protocol layer keeps getting harder to break, while the human layer is where the money increasingly goes. In an age of impersonation, the cleanest defense is leaving an attacker nothing to impersonate.



SimpleSwap
SimpleSwap Verified Member

SimpleSwap is a self-custodial multi-source swap aggregator that helps users exchange crypto wallet-to-wallet with more privacy and control. It supports swaps across 20+ liquidity providers and 2,800+ assets, combining CEX and DEX liquidity under the hood.

