Crypto platforms lost roughly $75.87 million to 40 hacks in June 2026, according to security firm PeckShield.

The monthly total reinforces a familiar pattern for the sector, where bridges, smart contracts, and compromised keys remain the most common failure points.

Humanity Protocol Exploit Tops June Crypto Hacks

According to PeckShield, June’s figure marks a 7.13% decline from May’s $81.7 million. The Humanity Protocol breach headlined June with over $30 million in losses. Attackers compromised private keys that had been backed up to a malware-infected developer machine.

According to Quantstamp, the attacker relied on tooling and techniques commonly associated with North Korean hacking groups.

The exploiter has since laundered proceeds across multiple networks, including Bitcoin (BTC), Solana (SOL), Hyperliquid (HYPE), and BNB Chain.

These funds have also been commingled with proceeds linked to the KelpDAO exploiter, suggesting a potential overlap between the threat actors behind both incidents,” the security firm said.

Follow us on X to get the latest news as it happens

Syscoin Bridge followed with a $10 million loss after an attacker minted unauthorized SYS tokens. The JaredFromSubway.eth Maximal Extractable Value (MEV) bot lost $7.5 million, while Secret Network was drained for $4.67 million.

Aztec Products Hit Despite Years of Dormancy

Two separate attacks targeted Aztec-linked products within the month. Aztec Payments Product lost $2.16 million, and Aztec Connect lost $2.1 million, for a combined total near $4 million.

Both products had been deprecated years earlier, and Aztec Labs said it held no control over the affected systems.

We are investigating a potential exploit affecting a deprecated Aztec payments product from 2021. ~$2m was transferred from the immutable smart contract in transaction:https://t.co/FS4JoNnfiJThe deprecated product is an immutable stage 2 rollup that was sunset in 2022.…

— Aztec Labs (@AztecLabs_) June 18, 2026

Other June incidents included Polymarket users losing $3 million after reportedly being targeted in a phishing campaign, along with $2.4 million in losses for SecondFi and TESSERA. The Taiko Bridge exploit closed out the top 10 at $1.7 million.

With both deprecated code and cross-chain laundering in play, June showed that old contracts remain in attackers’ crosshairs long after teams walk away.

Subscribe to our YouTube channel to watch leaders and journalists provide expert insights