April 2026 closed as the most-hacked month in crypto history by incident count, with Defillama confirming 28 to 30 separate exploits and more than $625 million stolen across the industry. The record was not set by a single catastrophic event but by a sustained wave of attacks averaging nearly one per day.
Two Major Exploits Drive Bulk of Losses
Two large attacks drove the vast majority of losses. On April 1, Drift Protocol on Solana lost approximately $285 million in a social-engineering attack linked to North Korea’s Lazarus Group. Around April 18, KelpDAO lost roughly $293 million through a Layerzero bridge message spoofing exploit. Together, the two incidents accounted for nearly 93% of April’s total losses. The remaining 26 or more incidents were mostly below $5 million, and many came in under $1 million, targeting lending pools, vaults, staking contracts, oracle configurations, and cross-chain bridges.
Historical Comparison and Industry Impact
April’s dollar losses rank as the worst since the February 2025 Bybit breach (approximately $1.4 billion). By incident count, however, April 2026 stands alone. Year-to-date through April, the industry recorded roughly 68 incidents and more than $1 billion stolen, already ahead of 2025’s pace (excluding Bybit). April alone was 3.7 times larger than all of Q1 2026, which saw approximately $165 million lost across 35 incidents. Smaller incidents included Rhea Finance ($18.4M), Grinex ($15M), Volo Vault ($3.5M), Hyperbridge ($2.5M), Sweat Foundation ($3.5M), and Wasabi Protocol (~$5M on April 30). Dozens of additional exploits ranged from $50,000 to $1.5 million.
Capital Flight and Community Response
Following the KelpDAO hack, reports show more than $14 billion in total value locked (TVL) leaving DeFi protocols within days, with withdrawals concentrated in bridge and lending platforms. Community reaction ranged from alarm to calls for structural change. Security researchers pointed to social engineering and access-control failures as the dominant vectors, moving beyond the smart-contract bugs that defined earlier years of DeFi exploits. Calls for multi-signature key management, AI-assisted monitoring, protocol security sprints, and user-level insurance products appeared across industry forums.
Defillama Cumulative Data and Future Outlook
Defillama’s lifetime totals now show crypto hacks exceeding $16.5 billion, with DeFi-specific losses near $7.7 billion and bridge exploits accounting for approximately $2.9 billion. Private-key compromises and operational security failures remain the most common attack vectors. Analysts warned that growing TVL during bull-market conditions attracts a higher volume of sophisticated attackers, creating pressure on protocols to prioritize defense over new feature development heading into Q2 2026. Additionally, advances in AI coding and cybersecurity have seemingly increased these hacking incidents. Investigations into several April incidents remain open, and Defillama continues tracking all confirmed exploits in real time.

