Crypto Hackers Steal $168 Million From DeFi Protocols In Q1 2026
Cryptocurrencies stole more than $168.6 million from 34 decentralized finance (DeFi) protocols in the first quarter of 2026, a sharp drop from the same period last year, according to data from Defillama.
A $40 million private key agreement in January was the biggest exploit of Tier Finance of the quarter, the data showed, followed by a smart contract scam that drained $26.4 million of Ether (ETH) from Trubit on January 8. The third largest was a private key deal targeting stablecoin issuer Resolv Labs on March 21st.
In the year The quarterly figure is the lowest since the industry saw $1.58 billion stolen in the first quarter of 2025, with the highest amount coming from $1.4 billion in Bybit exploitation. However, experts caution that crypto hacking is not tied to certain times of the year.
As the industry grows, hackers become more active
Nick Percoco, chief security officer at crypto exchange Kraken, told Cointelegraph that cybercriminal activity in crypto tends to spike around market and event-driven cycles rather than specific periods.
Threat actors also gravitate to areas where liquidity is concentrated, meaning exploits often follow wherever value is concentrated, Percoco said.
“Bull markets, major product launches and rapid growth rates create more attractive conditions for attackers because more valuable and new infrastructure can pose a threat,” he said.
“That said, attacks are not limited to these periods. Vulnerabilities can be exploited in any market environment, especially in complex or rapidly evolving systems, underscoring the need for security in crypto to be continuous.”
Crypto attackers are a “broad and growing mix.”
Actors linked to North Korea have become a constant threat to crypto investors and Web3-native companies.
Hackers linked to the organization have been implicated in a number of attacks, including Wednesday's attack on Drift Protocol, a decentralized cryptocurrency exchange that suffered an estimated $285 million in private key leaks.
Related: Hacked crypto tokens lose 61% on average and rarely recover, says Immunefi report
According to Percoco, the threat landscape includes multi-level actors, highly integrated groups of core infrastructure, organized cybercriminal networks and opportunistic hackers exploiting vulnerabilities in smart contracts and client-facing systems.
“It's a broad and evolving mix, but ultimately they're targeting the same thing: global, liquid, and accessible value. Targeting is rarely just random. In many cases, attackers are intentional about how they evaluate infrastructure, code, access controls, and human behavior,” he said.
“At the same time, crypto's transparency makes it easier for opportunistic actors to spot vulnerabilities as they emerge. The most attractive targets are those with a combination of high value, technical complexity, and gaps in operational security.”
Security experts previously told Cointelegraph that 2026: Sophisticated credential theft, social engineering, and AI-powered attacks may increase.
Magazine: All 21 Million Bitcoins From Quantum Computers Are At Risk
