• Defillama confirmed April 2026 as the most-hacked month in crypto history, with 28-30 incidents totaling over $625M stolen.
• Drift Protocol lost $285M on April 1, and KelpDAO lost $293M on April 18, together accounting for 93% of April losses.
• DeFi analysts warn that Q2 2026 faces intensified scrutiny on bridges and social engineering as attack frequency hits nearly one incident per day.

The record was not set by a single catastrophic event. Two large attacks drove the bulk of losses: Drift Protocol on Solana lost approximately $285 million on April 1 in a social-engineering attack linked to North Korea’s Lazarus Group, and KelpDAO lost roughly $293 million around April 18 through a Layerzero bridge message spoofing exploit. Together, the two incidents accounted for nearly 93% of April’s total losses.

Image source: X.

The remaining 26 or more incidents were mostly below $5 million, and many came in under $1 million. The pattern pointed to a broad attack surface hitting lending pools, vaults, staking contracts, oracle configurations, and cross-chain bridges simultaneously.

Defillama published a chart on April 30 showing the monthly incident count spiking to its highest level since the platform began tracking. Prior monthly peaks rarely exceeded 12 to 15 incidents. April 2026 averaged close to one attack per day.

Onchain researcher Stacy Muur also shared a running tally on April 29 on X, listing 24 confirmed hacks with losses exceeding $624 million and noting the month still had days remaining. Final figures pushed the incident count higher before the month closed.

April’s dollar losses rank as the worst since the February 2025 Bybit breach, which totaled approximately $1.4 billion. By incident count, however, April 2026 stands alone. Year-to-date through April, the industry recorded roughly 68 incidents and more than $1 billion stolen, already ahead of 2025’s pace excluding the Bybit event. April alone was 3.7 times larger than all of Q1 2026, which saw approximately $165 million lost across 35 incidents.

Smaller April incidents included Rhea Finance at $18.4 million, Grinex at $15 million, Volo Vault at $3.5 million, Hyperbridge at $2.5 million, Sweat Foundation at $3.5 million, and Wasabi Protocol at approximately $5 million on April 30. Dozens of additional exploits ranged from $50,000 to $1.5 million.

Following the KelpDAO hack, reports show more than $14 billion in total value locked (TVL) leaving DeFi protocols within days, with withdrawals concentrated in bridge and lending platforms.

Community reaction ranged from alarm to calls for structural change. Security researchers pointed to social engineering and access-control failures as the dominant vectors, moving beyond the smart-contract bugs that defined earlier years of DeFi exploits.

Calls for multi-signature key management, AI-assisted monitoring, protocol security sprints, and user-level insurance products appeared across industry forums and social media threads in the days following the attacks.

Defillama’s lifetime totals now show crypto hacks exceeding $16.5 billion, with DeFi-specific losses near $7.7 billion and bridge exploits accounting for approximately $2.9 billion. Private-key compromises and operational security failures remain the most common attack vectors across all categories.

Analysts warned that growing total value locked (TVL) during bull-market conditions attracts a higher volume of sophisticated attackers, creating pressure on protocols to prioritize defense over new feature development heading into Q2 2026. Additionally, advances in artificial intelligence (AI) coding and cybersecurity have seemingly increased these hacking incidents.

Investigations into several April incidents remain open. Defillama continues tracking all confirmed exploits in real time, with figures subject to revision as recovery efforts proceed and attribution is finalized.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。