Crypto Hacks Hit $630M in April, Worst Month Since 2025
April saw crypto hacks surge to $629.7 million, the highest since February 2025, driven by major DeFi exploits at KelpDAO and Drift Protocol. Analysts warn attackers now target off-chain infrastructure and social engineering, raising security alarms across the sector.
Quick Take
Total April hacks reach $629.7M, with KelpDAO ($293M) and Drift ($280M) dominating losses.
Wasabi Protocol, Sweat Economy, and Aftermath Finance each lost millions in separate exploits.
Chainalysis notes shift to multi-stage attacks on off-chain systems, not just smart contract bugs.
Market Impact Analysis
BearishSpike in major DeFi hacks erodes trust and may trigger risk-off sentiment, particularly in DeFi tokens and protocols.
Speculation Analysis
Key Takeaways
- April crypto hacks totaled $629.7 million — the highest monthly loss since February 2025.
- KelpDAO ($293M) and Drift Protocol ($280M) accounted for over 90% of the total.
- Attackers are exploiting off-chain infrastructure, not just smart contract bugs, making real-time monitoring essential.
- Multiple DeFi protocols, including Wasabi, Sweat Economy, and Aftermath Finance, were drained in rapid succession.
What Happened
April brought a brutal wave of crypto hacks, pushing total losses to $629.7 million — the worst month since February 2025. Two massive exploits dominated: restaking protocol KelpDAO lost $293 million, and derivatives platform Drift Protocol was drained of $280 million. Together they accounted for over 90% of the monthly total. But the damage spread wider. Wasabi Protocol was drained of $5.5 million across multiple chains, move-to-earn app Sweat Economy saw $3.46 million vanish in 30 seconds, and Aftermath Finance lost $1.1 million in USDC. The concentration of nine-figure losses in a handful of incidents exposes deep vulnerabilities across decentralized finance.
The Numbers
April’s $629.7 million in hacks represents a sharp reversal after months of lower activity. The KelpDAO and Drift Protocol exploits alone sum to $573 million, eclipsing all other incidents. Wasabi’s $5.5 million drain hit four networks (Ethereum, Base, Blast, Berachain) in an ongoing exploit. Sweat Economy lost 65% of its liquidity pool in half a minute. Aftermath Finance saw $1.1 million in USDC siphoned across 11 transactions in just 36 minutes. These figures underscore the speed and precision of modern DeFi attacks, leaving little time for defensive action.
Why It Happened
Chainalysis notes a dangerous evolution: attackers are increasingly bypassing smart contract audits by targeting off-chain infrastructure. Compromised RPC nodes, breaches of cloud key management systems, and long-running social engineering campaigns are the new entry points. “Well-resourced attackers are finding novel ways to exploit the seams between on-chain protocols and the off-chain systems they depend on,” said Yaniv Nissenboim, head of security solutions at Chainalysis. Cross-chain bridges and privileged access controls have become prime vectors. As DeFi complexity grows, so do the attack surfaces — and the old playbook of auditing code alone is no longer enough.
Broader Impact
The string of high-profile hacks is shaking confidence in DeFi security, likely pushing risk-averse capital to the sidelines in the short term. Some protocols have begun recovery efforts, including freezing stolen funds on centralized exchanges. But trust takes longer to rebuild. The industry is bracing for a surge in investment in real-time monitoring, automated circuit breakers, and off-chain security solutions. Regulators may also take note, adding pressure on DeFi to adopt stronger safeguards or face stricter oversight.
What to Watch Next
- Progress on fund recovery for KelpDAO and Drift Protocol, and whether attackers can be traced or assets frozen.
- New security measures rolled out by DeFi protocols, especially circuit breakers and off-chain monitoring tools.
- Regulatory signals following this spike — any enforcement actions or guidance targeting DeFi security standards.
This article is for informational purposes only and does not constitute financial advice.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
© 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.
