The cryptocurrency industry has seen a sharp spike in hacks in April, with losses topping $600 million in the worst month for crypto hacks in more than a year.
According to DeFiLlama, the total value hacked in April so far amounted to $629.7 million, the highest since $1.47 billion in February 2025. With KelpDAO’s $293 million hack and Drift Protocol’s $280 million exploit accounting for 82% of the monthly losses, decentralized finance (DeFi) has taken the unwanted crown as the most targeted sector over the past month.
Source: DeFiLlama
The concentration of losses in a handful of large DeFi incidents shows how a small number of attacks can still overwhelm broader security improvements across the sector. The causes of the hacks also revealed that the biggest risks are increasingly tied to bridges, privileged access and operational failures, rather than simple smart contract bugs alone.
Related: Russia-linked crypto exchange Grinex halts trading after $14M hack
April DeFi hack losses surge
One of the latest attacks involved the DeFi derivatives platform Wasabi Protocol, which at the time of writing had been drained of around $5.5 million across Ethereum, Base, Blast and Berachain networks in an ongoing exploit, according to Certik.
Recent attacks also include the move-to-earn crypto platform Sweat Economy, which reportedly lost $3.46 million, or about 65% of its liquidity pool, in under 30 seconds. The protocol later said stolen funds were frozen on MEXC shortly after the incident, with recovery efforts underway.
Source: Jussy
Aftermath Finance, a Sui blockchain-based decentralized trading platform, was also among the recent DeFi hacks, suffering an exploit on its perpetuals platform. According to Blockaid, the attacker drained about $1.1 million in USDC across 11 transactions in roughly 36 minutes.
Related: Andre Cronje says DeFi is ‘no longer DeFi’ as builders debate circuit breakers
Chainalysis says attackers are exploiting off-chain systems, not smart contract bugs
April’s spike in crypto exploits reflects a shift toward more sophisticated, multi-stage attacks targeting offchain infrastructure rather than smart contract vulnerabilities, Yaniv Nissenboim, head of security solutions at Chainalysis, told Cointelegraph.
“What connects these incidents is that well-resourced attackers are finding novel ways to exploit the seams between on-chain protocols and the offchain systems they depend on,” Nissenboim said.
These entry points include compromised remote procedure call (RPC) nodes, breaches of cloud key management systems and long-running social engineering campaigns, he said. In many cases, on-chain transactions still appear fully legitimate, even as infrastructure or human-access layers are already compromised.
Nissenboim said that real-time monitoring and automated safeguards are becoming critical, citing anomalies such as abnormal minting patterns and cross-chain inconsistencies that can be detected instantly. In one case, rapid detection helped prevent a second theft of roughly $95 million during the KelpDAO incident, he added.
According to Standard Chartered’s analysts led by Geoffrey Kendrick, KelpDAO’s incident is a sign of DeFi’s growing resilience rather than a fatal failure for the sector.
“While the recent KelpDAO theft and its impact on AAVE have raised questions around continued DeFi banking growth, we expect growth to remain on track as a maturing DeFi industry puts solutions in place to reduce vulnerabilities,” the bank said in a Wednesday research note seen by Cointelegraph.
Magazine: AI-driven hacks could kill DeFi — unless projects act now
