Cryptocurrency hacks reached $629.7 million in April 2026, the highest monthly loss since February 2025’s $1.47 billion surge. Two incidents dominated the period: KelpDAO lost $293 million and Drift Protocol suffered a $280 million exploit, together accounting for 82% of all losses across 25+ separate hacks. The spike signals a fundamental shift in attack vectors away from smart contract vulnerabilities toward sophisticated multi-stage exploits targeting off-chain infrastructure.
DeFi Protocols Under Sustained Siege
DeFi platforms bore the brunt of April’s attack wave, with derivative and liquid staking protocols proving most vulnerable. Beyond the two largest incidents, Wasabi Protocol lost $5.5 million, while Sweat Economy, a Move-to-earn platform, lost $3.46 million in under 30 seconds after attackers drained 65% of its liquidity pool. Aftermath Finance on Sui blockchain saw $1.1 million USDC drained across 11 transactions in approximately 36 minutes. The KelpDAO incident proved particularly disruptive: attackers stole $293 million initially, but rapid detection prevented a second theft of roughly $95 million, directly impacting the AAVE protocol.
Attack Sophistication Shifts Off-Chain
Security researchers identified a critical pattern across incidents. Yaniv Nissenboim, head of security solutions at Chainalysis, stated: “What connects these incidents is that well-resourced attackers are finding novel ways to exploit the seams between on-chain protocols and the offchain systems they depend on.” Attackers increasingly target compromised RPC nodes, breached cloud key management systems, and exploit social engineering campaigns rather than hunting for smart contract bugs. This shift demands real-time monitoring and automated safeguards as standard infrastructure, not optional upgrades.
Industry Response and Recovery Outlook
Standard Chartered analysts, led by Geoffrey Kendrick, acknowledged the threat but expressed cautious optimism. “While the recent KelpDAO theft and its impact on AAVE have raised questions around continued DeFi banking growth, we expect growth to remain on track as a maturing DeFi industry puts solutions in place to reduce vulnerabilities.” Security firms including Certik and Blockaid have intensified monitoring, while MEXC froze stolen funds where possible. Recovery rates for most stolen assets remain unclear, highlighting the gap between detection speed and fund retrieval capacity.
