DeFi logged roughly 70 separate exploits between April and mid-June 2026, adding up to about $746 million in stolen funds, according to DefiLlama data cited by The Defiant.
The incident count roughly doubled the previous quarterly record, though the dollar figure sits below historical single-event peaks. Two events - the April 18 KelpDAO breach ($292M) and the April 1 Drift Protocol exploit ($285M) - account for the majority of losses.
The pattern matters because it shifts the primary DeFi threat vector. About 72% of 2026 losses stem from stolen keys and credential theft rather than smart contract bugs, per altFINS analysis, and Lazarus Group is linked to roughly 76% of global crypto hack losses this year. That points to a security problem that audits cannot fix on their own - it is an operational and people problem, not a code problem.
Watch whether major protocols move toward multi-verifier bridge configurations, insurance-pool responses in Q3, and any US Treasury sanctions activity tied to Lazarus-linked flows.




