“Rather than a few giga exploits, it’s been a constant stream of smaller attacks.”
That pattern marks a departure from the mega-heists that defined earlier years, when a handful of nine-figure bridge and protocol exploits drove annual totals. Attackers seem to be spreading their efforts across many lower-value targets rather than chasing single, headline-grabbing scores (a strategy that is harder for the industry to track and defend against).
With the quarter not even done, the final tally could climb further. Auditors warn the sector is running close to one attack per day, and the steady drip of mid-sized exploits keeps pressure on bridges, key management and incident response.
The data offers one sliver of relief, which is that smaller average losses suggest better segmentation of funds, even as the sheer number of successful attacks hits a record. Whether protocols can slow the cadence and not just cap the damage will define the rest of 2026.
