Off-chain exploits, DeFi bridge attacks cost $630M in April

Off-chain exploits targeting DeFi bridges, privileged access and operational systems drained about $629.7 million from crypto platforms in April, the largest monthly loss since February 2025. Two attacks — a $293 million theft from KelpDAO and a $280 million exploit of Drift Protocol — accounted for roughly 82% of the month’s total.

Data compiled by DeFiLlama puts April’s total at $629.7 million, down from $1.47 billion in February 2025. The losses were concentrated in a small number of large incidents, leaving decentralized finance the most targeted sector for the month.

Security firms and blockchain analytics professionals reported a shift from simple smart contract bugs to multi-stage intrusions that rely on off-chain infrastructure and compromised privileged accounts. Yaniv Nissenboim, head of security solutions at Chainalysis, commented that attackers are exploiting gaps where on-chain protocols connect to external systems.

Reported entry points include compromised remote procedure call (RPC) nodes, breaches of cloud key management systems and extended social engineering campaigns. In many cases, on-chain transactions executed by attackers appear legitimate because the initial breach occurs off-chain or through stolen access rather than a vulnerability in the smart contract itself.

Other incidents in April included the Wasabi Protocol exploit, which drained about $5.5 million across Ethereum, Base, Blast and Berachain; Sweat Economy losing roughly $3.46 million, with some stolen funds later frozen on a centralized exchange and recovery efforts under way; and Aftermath Finance having about $1.1 million in USDC drained across 11 transactions.

Rapid detection limited additional losses in some cases. Security teams intervened during the KelpDAO incident to block what would have been a second transfer of roughly $95 million, Chainalysis reported.

Analysts at Standard Chartered wrote in a research note that while the KelpDAO theft raised questions about DeFi’s integration with other financial services, they expect growth to continue as projects adopt stronger defenses.

Security firms recommended that projects harden off-chain infrastructure, tighten access controls, improve cloud key management and deploy automated anomaly detection to identify suspicious activity in real time.

April’s total stood at $629.7 million, with the two largest incidents accounting for the majority of the value stolen.