DeFi Rises After $280M Drift Protocol Exploit

After the $280 million Drift Protocol exploit on April 1, at least 12 DeFi protocols and crypto businesses have been attacked for more than two weeks.

Attacks targeting crypto protocols or companies since early April include CoW Swap, Hyperbridge, Bybit, Dango, Silo Finance, BSC TMM, Aethir, MONA, Zerion and, most recently, Rhea Finance and the Grinex exchange.

Drift Protocol was hit on April 1 in one of the biggest exploits this year, losing around $280 million to a long-running social engineering attack suspected to involve actors linked to North Korea.

The attacks also come this month amid concerns that the advancement of AI models, such as Anthropoc's Clod Mythos and similar models, will eventually make it easier for cyber attackers.

Rhea Finance was exploited for 7.6 million dollars

Diffie Protocol's Rhea Finance reported on Thursday that an attacker “exploited a vulnerability in Rhea's Margin Trading feature to execute a coordinated pooling fraud attack, affecting Rhea's Lend smart contract.”

Around $7.6 million was raised, according to blockchain security firm CertiK.

“The attacker creates fake agreements and adds liquidity to new pools, which fools the authentication and authentication layer,” he explained.

Meanwhile, the Russian-linked Grinex exchange suspended operations on Thursday after a $13.7 million transaction, blaming “unfriendly countries” for the raid.

Related: Stablecoin Issuer Circle Sued Over $280M Drift Protocol Hack

Another attack this month targeted the Binance Smart Chain TMM/USDT liquidity pool, which suffered a standby fraud attack that resulted in a loss of $1.67 million in early April, R3ACH network analyst Jussi said on Thursday.

This comes just days after bridge aggregator Dango lost $410,000 from a smart contract error on April 13.

That same month, $392,000 was lost in an April 9 access control exploit of Oracle's decentralized GPU cloud computing platform ATR when lending protocol Silo Finance was misconfigured on April 3.

DPRK has ramped up its AI social engineering attacks

The Drift Protocol and Zerion Wallet exploits were two examples of groups with ties to the Democratic People's Republic of Korea using AI and social engineering to infiltrate crypto companies to steal credentials and funds.

Malicious actors stole more than $168.6 million in cryptocurrency from 34 DeFi protocols in the first quarter of 2026.

Magazine: Forget stablecoin production, how does the CLARITY Act see DeFi?

Cointelegraph is committed to independent and transparent journalism. This news article is prepared in accordance with Cointelegraph's Editorial Policy and aims to provide accurate and up-to-date information. Readers are encouraged to verify information independently. Read our editorial policy