The number of crypto hacks rose to a record high in April, according to DeFi Llama.
"April ends as the most-hacked month in crypto history, by number of incidents," the data firm posted to X along with a chart.
While the total dollar amount of stolen funds is not record-breaking, the total number of exploits easily exceeded 20 for what looks like the first time ever, according to DeFi Llama. There have been at least three months to date where losses topped $1 billion.
One online crypto commentator, Stacy Muur, posted to X a count of 24 hacks as of Wednesday, which had resulted in over $600 million in lost funds.
KelpDAO's widely-publicized $292 million incident ranked as the largest single exploit for the month of April, and one of the largest single attacks on record. That exploit sent shockwaves through DeFi after triggering bad-debt concerns at Aave, with many organizations committing to emergency loans and donations.
Drift Protocol's exploit on April 1, valued at over $280 million, ranked as the second-largest hack.
Another notable April exploit involved Hyperbridge, which lost $2.5 million following a Token Gateway exploit on the Polkadot-native protocol. An initial extraction of roughly 245 ETH was followed about an hour later by a forged cross-chain message that bypassed Merkle Mountain Range proof verification.
Using this loophole, the attacker managed to mint approximately 1 billion bridged DOT tokens and then sell them.
One crypto enthusiast on X, responding to DeFi Llama's post on Thursday, attempted to draw an important distinction about the months extraordinary number of exploits. "The number of incidents tells one story. The method tells another," CuriousCrypto said. "Drift and Kelp weren't code bugs. They were months of social engineering against humans with admin keys."
Drift Protocol said its exploit, which drained the Solana-based perpetuals exchange, was part of a "structured intelligence operation" that took roughly six months to stage.
With the end of April in sight, another exploit involving Ethereum mainnet addresses appears to have occurred, according to popular onchain analyst Wazz on Friday.
"Hundreds of wallets (many of which haven't been active in 7+ years) just got drained by the same address on ETH mainnet," Wazz said. "Seems like a new live exploit, worth flagging."
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2026 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
