Crypto hacks hit record high in April as 20+ exploits shake DeFi

Hackers stole over $625 million across 20 to 30 separate attacks in April 2026 alone. That’s nearly one attack every single day. DefiLlama posted a chart on X showing that April averaged nearly 1 attack per day, compared with previous monthly records that rarely exceeded 12 to 15 incidents.

This outstripped the total for all previous quarters, pushing the month toward a record high for security breaches.

Why did two attacks cause almost all the damage?

Several high-impact incidents defined the month. On April 1, 2026, the Drift Protocol lost $285 million. A North Korean group spent about six months building trust with Drift employees, only to steal the funds in 12 minutes using pre-signed withdrawal instructions.

As earlier reported by Cryptopolitan, KelpDAO followed suit on April 18, losing $293 million after attackers tricked its system into releasing tokens with no real backing.

Both attacks originated from North Korea, but used different methods, demonstrating a level of sophistication the DeFi industry was not ready for. Together, these two incidents alone accounted for the majority of April’s losses. This shows how a small number of sophisticated attacks can destabilize large portions of the DeFi ecosystem.

Why did one hack freeze billions in money that had nothing to do with KelpDAO?

The group behind the KelpDAO attack deposited the stolen tokens as collateral on Aave and borrowed nearly $190 million in real Ethereum against them. 

Aave was now holding worthless tokens as security for real loans, and the platform’s deposits fell from $26.4 billion to around $17.9 billion in just 48 hours. Stablecoin pools on the platform hit 100% utilization, and according to Galaxy Research, Aave’s bad debt rose to between $123.7 million and $230 million.

Over $13 billion exited DeFi protocols within days of the attack as users panicked and began withdrawing funds. Platforms like Morpho, Spark, Lido, Yearn, Beefy, and Ethereum itself froze certain operations due to massive outflows as trust across the industry broke down.

None of these accounts for the collateral damage seen across TVL, user trust, valuations, and the space’s morale. DeFi remains a niche market until risk can be properly priced.” DeFi analyst, as quoted by BeInCrypto.

Who is responsible, and how much have they stolen in total?

According to TRM Labs, government-backed hacking units in North Korea were responsible for 75% of all crypto hack losses through April 2026 ($577 million out of a total $759 million).

As documented by the United Nations, the US Treasury, and multiple blockchain intelligence firms, North Korea steals crypto to fund its government and weapons programs due to severe international sanctions. TRM Labs reported that North Korea stole over $6 billion in crypto since 2017.

“What we are watching is not a North Korean campaign that is broader — it is one that is sharper,” Ari Redbord, Global Head of Policy and Government Affairs at TRMLabs, said. “North Korea is moving faster and more precisely than ever.”

What happened to the rest of April, beyond the two big attacks?

Rhea Finance lost $18.4 million on April 10. Tether froze $3.29 million of those funds in time, but the attacker used flash loans to manipulate prices and drain the pool of the remaining amount.

Similarly, the crypto exchange in Kyrgyzstan, Grinex, lost $13.74 million in USDT on April 15 after hackers split the funds across 54 wallets and converted them into SunSwap to make them difficult to track. Hyperbridge also lost $2.5 million on the Polkadot network, and CoW Swap $1.2 million on April 14.

Onchain analyst Wazz posted on X on April 29, saying, “Hundreds of wallets (many of which haven’t been active in 7+ years) just got drained by the same address on ETH mainnet.” He added, “Seems like a new live exploit, worth flagging.”

It didn’t end there, though, because Wasabi Protocol lost approximately $5 million on the last day of April after an attacker used a compromised deployment key to exploit the system

Is DeFi getting safer or more dangerous?

Both, depending on how you look at it. For example, response times after attacks have greatly improved over the years, as more than 14 organizations pledged over $300 million to the DeFi United rescue fund after the KelpDAO incident.

The Arbitrum Security Council even froze $71 million of the attacker’s funds using emergency powers, something that was never possible a few years ago. 

However, the attacks are also evolving faster than defenses can keep up, because the two biggest April incidents exploited human manipulation. Years ago, most hacks exploited bugs in the smart contracts.

If losses continue at this rate, with the same number of hacks, the industry might lose about $7.5 billion in the coming months. That’s 3 times the losses in 2024.

If you want a calmer entry point into DeFi crypto without the usual hype, start with this free video.