Crypto Hacks hit $630 million in April as DeFi controls losses
The cryptocurrency industry saw a spike in hacking in April, with $600 million lost in the worst month of crypto hacking in over a year.
According to DeFillama, the total value stolen in April reached $629.7 million, the highest since $1.47 billion in February 2025. With KelpDAO's $293 million in hacks and Drift Protocol's $280 million in exploits accounting for 82 percent of the monthly losses, decentralized finance took over the previous month.
Source: DeFillama
The scale of losses in a handful of large DeFi events shows how a small number of attacks can still defeat broader security improvements in the sector. The root causes of the hacks also revealed that the biggest threats are linked to bridges, privileged access and operational failures rather than simple smart contract errors.
Related: Russia-linked crypto exchange Grinex ceases trading after $14M hack
April DeFi hacking losses increase
One of the latest attacks involved the DeFi derivatives platform's Wasabi protocol, and at the time of writing, around $5.5 million has been extracted from the ongoing exploits on the Ethereum, Base, Blast, and Berachain networks, according to Certik.
Recent attacks include the move-to-earn crypto platform Lab Economy, which lost about $3.46 million, or 65% of its liquid pool, in less than 30 seconds. The protocol later said that stolen funds were blocked on MEXC shortly after the incident, and recovery efforts are underway.
Source: Jus
Aftermath Finance, a decentralized trading platform based on the Sui blockchain, was also among the latest DeFi hacks, suffering from an exploit on the sustainable platform. According to Blockaid, the attacker lost about $1.1 million in 11 transactions in 36 minutes.
Related: Andre Cronje says DeFi is ‘no longer DeFi' as builders debate circuit breakers
Chainalysis says attackers are exploiting off-chain systems, not modern contract flaws
April's increase in crypto exploits reflects a shift from smart contract vulnerabilities to sophisticated, multi-level attacks targeting chain infrastructure, Yaniv Niesenboim, head of security solutions at Chainalysis, told Cointelegraph.
“What connects these events is that well-resourced attackers are finding new ways to exploit the connections between on-chain protocols and the offchain systems they rely on,” Nissenboim said.
These entry points include compromised remote procedure call (RPC) nodes, breaches of cloud key management systems and long-term social engineering campaigns, he said. In most cases, on-chain transactions still appear completely legitimate, even though the infrastructure or human access layers have already been compromised.
Real-time monitoring and automated defenses are becoming critical, Nissenboim said, citing anomalies such as irregular creation patterns and chain conflicts that can be detected in real-time. In one case, early detection helped prevent the theft of nearly $95 million in a second KelpDAO incident, he added.
Worst month for DeFi on record?
Mayer Dolev, founder of Syverse, told Cointelegraph that the April spill was triggered by a few “accurate hits,” as attackers are targeting highly liquid protocols. He said the month was among the worst for DeFi hacks in five years due to losses caused by social engineering and chain complexity.
Hacken was more emphatic in his assessment, saying that April was the worst month on record for DeFi losses, mainly due to breaches by Kelp and Drift. The organization attributed the attack to actors linked to the Democratic Republic of Korea (DPRK), which targeted exchanges and DeFi protocols from crypto-theft campaigns.
RELATED: North Korea linked to $578m worth in April after Kelp Dao exploitation
Analysts at Standard Chartered, led by Geoffrey Kendrick, say the KelPDAO incident is not a fatal setback for the sector, but a sign of Defi's growing resilience.
“While the recent KelpDAO hack and its impact on AAVE raise questions about the continued growth of DeFi banking, we expect growth to continue as the maturing DeFi industry puts solutions in place to reduce exposure,” the bank said in a Wednesday research note published by Cointelegraph.
Magazine: AI-Driven Hacks Could Kill DeFi – Unless Projects Act Now
