April Ends as the Most-Hacked Month in Crypto History

The largest incidents included a $292 million exploit involving KelpDAO and a $280 million attack on Drift Protocol, alongside smaller cases like a $2.5 million loss at Hyperbridge. Unlike previous periods where total losses were higher, April’s defining trend was the surge in frequency of attacks, with several major exploits linked to social engineering tactics rather than purely technical vulnerabilities.

April Sets Record for Crypto Hacks

April set a troubling new record for the cryptocurrency industry, not because of the sheer amount of money lost, but due to the unprecedented number of hacking incidents recorded in a single month. 

Data from DeFi Llama shows that April became the most exploit-heavy month in crypto history, with the total number of incidents surpassing 20 for what appears to be the first time. Some independent counts, including figures shared by crypto commentator Stacy Muur, suggest that as many as 24 separate hacks occurred, which resulted in losses of over $600 million.

While previous months have seen higher total losses, it is the spike in frequency that stands out. The nature of these attacks suggests that the industry is facing not only technical vulnerabilities but also increasingly sophisticated human-targeted strategies.

The largest exploit of the month involved KelpDAO, where approximately $292 million was compromised. This incident had ripple effects across decentralized finance, particularly Aave, where concerns around bad debt emerged. In response, several organizations stepped in with emergency funding and support measures to stabilize the situation. 

Closely following was the Drift Protocol exploit, which resulted in losses of more than $280 million. This attack was described as a highly coordinated operation that took around six months to execute.

Smaller incidents also contributed to the overall tally. Hyperbridge, for example, lost $2.5 million after attackers exploited a flaw in its token gateway system. By bypassing verification mechanisms, the attacker was able to mint a massive amount of bridged tokens and offload them for profit.

What stands out in April’s wave of attacks is the shift in methodology. Rather than relying only on code vulnerabilities, several of the largest exploits were driven by social engineering tactics targeting people with administrative access. This suggests that human security practices are becoming just as critical as smart contract auditing.

Adding to concerns, reports of a new exploit affecting long-dormant Ethereum wallets surfaced toward the end of the month, which means that threats were still active and potentially escalating.