Private key breaches account for $17B in crypto hacks

DefiLlama’s data shows hackers stole more than $17 billion across 518 recorded crypto incidents over the past decade. The platform’s dashboard, published Tuesday, attributes a large share of those losses to private key compromises alongside phishing and credential theft.

DefiLlama breaks private key compromises into categories: about 22.3% of incidents were listed as brute-force private key compromises, 18.2% as private key compromises by unknown methods, and 10% involved phishing attacks on multi-signature wallets. The figures point to repeated problems with wallet security, signing infrastructure and user credential exposure.

The data follows major exploits in 2026. Earlier this year an attacker drained roughly 116,500 restaked Ether (rsETH) — about $290 million to $293 million at the time — from Kelp DAO’s LayerZero-powered rsETH bridge. A report from crypto trading firm GSR shows more than $600 million was stolen from DeFi protocols in the prior 60 days, with the Kelp DAO incident and an April 1 exploit on the Solana-based Drift Protocol comprising the bulk of that total.

GSR’s analysis found attackers are increasingly targeting operational security, signing infrastructure, developer tooling and the people who operate them. The firm also noted that yields in decentralized finance have moved closer to traditional finance rates, which has affected user decisions about on-chain deposits.

Cybersecurity firms report that advances in malware and artificial intelligence are making social engineering and wallet-targeting attacks easier to scale. One common tactic sends users a small transaction that contains the attacker’s address, relying on the victim to copy and paste the address from transaction history and send funds to the attacker. The growth of hacking-as-a-service marketplaces has provided ready-made tools to buyers in exchange for a share of stolen funds.

Dyma Budorin, co-founder and CEO of Hacken, warned that many wallet-draining scams start with a link or small transaction and end with total fund loss. Budorin said darknet platforms handling the tools take a commission, while the attackers keep most of the proceeds.

Hacken’s report recorded $482 million in losses for Web3 projects in the first quarter of 2026, with $306 million tied to phishing and social engineering. Other security trackers reported a sharp fall in losses from crypto phishing in 2025, even as wallet-drainer scripts and new malware strains continued to appear.

Taken together, the reports from DefiLlama, GSR and cybersecurity firms show a larger share of crypto thefts now stem from private key compromises, phishing and credential-based attacks rather than only from smart contract code flaws.