April 2026: 30 crypto hacks, $625M stolen, bridges hit

Defillama confirmed that April 2026 saw between 28 and 30 separate crypto exploits, with total losses above $625 million. The month posted the highest incident count since tracking began, averaging almost one attack per day.

Two large incidents accounted for roughly 93% of the month’s losses. On April 1, Drift Protocol on Solana lost about $285 million in a social‑engineering theft linked in reporting to North Korea’s Lazarus Group. Around April 18, KelpDAO experienced a message‑spoofing exploit targeting a LayerZero cross‑chain bridge, with estimated losses near $293 million. Together those events accounted for about $578 million of April’s total.

Onchain researcher Stacy Muur shared a running tally on April 29 listing 24 confirmed hacks totaling more than $624 million before the month closed. April’s dollar losses were below the February 2025 Bybit breach of roughly $1.4 billion, but the incident count more than doubled prior monthly peaks, which rarely exceeded 12 to 15 events. Year to date through April, the industry recorded about 68 incidents and slightly more than $1 billion stolen.

Smaller incidents were frequent. Reported losses included Rhea Finance at $18.4 million, Grinex at $15 million, Wasabi Protocol at about $5 million, Volo Vault and Sweat Foundation at $3.5 million each, and Hyperbridge at $2.5 million. Dozens of additional exploits ranged from $50,000 to $1.5 million.

Security researchers and protocol operators identified social engineering, access‑control failures, private‑key compromises and operational security lapses as common attack vectors during April. Earlier years’ breaches often stemmed from smart‑contract bugs; April’s pattern showed a shift toward attacks on people and operational systems.

The KelpDAO exploit prompted rapid withdrawals across decentralized finance. Reports indicated more than $14 billion in total value locked left DeFi protocols within days, with outflows concentrated in bridges and lending platforms as users reduced exposure to cross‑chain risk. Industry participants called for stronger key management, wider use of multi‑signature schemes, AI‑assisted monitoring, intensified security reviews and the development of user‑level insurance products.

Defillama’s cumulative tracking now shows crypto hacks exceeding $16.5 billion, DeFi‑specific losses near $7.7 billion and bridge exploits totaling about $2.9 billion. Investigations into several April incidents remain open, and Defillama and onchain teams said figures may be revised as recovery efforts proceed and attribution is finalized.