Crypto hacks total $630M in April

Crypto security is having one of those months that resets the conversation. April 2026 ended with roughly $630 million stolen across about 25 crypto hacks, but the headline number is almost misleading. This was not a broad spray of mid-sized exploits. It was two enormous breaches — Drift Protocol and KelpDAO — that swallowed the month whole and pushed North Korea-linked actors to about 76% of all crypto hack losses so far this year. (cointelegraph.com) ### Why does the $630 million figure matter? Because monthly hack totals can hide the shape of the problem. April’s losses were the highest monthly total since February 2025, but the damage was heavily concentrated rather than evenly spread. DeFi still dominated the biggest incidents, and that matters because DeFi markets are tightly connected — one protocol’s failure can spill into lenders, bridges, and wrapped assets fast. (cointelegraph.com) ### What happened at Drift? Drift Protocol, a Solana-based decentralized exchange, lost about $280 million to $285 million on April 1. The attack was not just a bug hunt. Drift said the exploit followed a months-long social-engineering campaign that started in late 2025, with attackers posing as a trading fir(cointelegraph.com)orth Korean hackers and called it the largest DeFi hack of 2026. (theblock.co) ### What happened at KelpDAO? KelpDAO’s breach on April 18 was different. Attackers stole roughly $292 million to $293 million in rsETH from its LayerZero-based bridge. The key point is that this was not a classic “smart contract had a coding bug” story. Investigators said t(theblock.co)ts against a burn that never happened. Basically, the contract followed instructions that looked valid because the thing verifying reality got fooled. (chainalysis.com) ### So was this really a smart-contract problem? Only partly. That’s the uncomfortable part. Both major April hacks point beyond audited code and toward the messier layer around it — admin access, social engineering, verifier design, node infrastructure, and operational security. In Drift, the weak point appears to have been people and privi(chainalysis.com)tion. Audits help, but they do not save a protocol from a compromised operator or a brittle bridge design. (theblock.co) ### Why is North Korea all over this story? Because the pattern fits what blockchain investigators have been tracking for years. TRM said the two April attacks totaled about $577 million and represented 76% of all crypto hack losses in 2026 through April. The same research g(theblock.co)sk — it becomes sanctions, national security, and laundering infrastructure all at once. (trmlabs.com) ### Why did the fallout spread beyond the hacked protocols? Because DeFi is stacked like Lego bricks. KelpDAO’s exploit hit not just Kelp users but also protocols exposed to rsETH collateral. Aave froze related markets, and later a broader “DeFi United” recovery push formed to deal with bad debt and contain knock-on damage. In other words, one bridge failure can become a balance-sheet problem for half the neighborhood. (theblock.co) ### Does freezing stolen funds solve this? Sometimes it limits losses, but it does not fix the core issue. After the KelpDAO exploit, Arbitrum’s Security Council froze about $71.5 million in linked ETH, which may help recovery. But that only works when funds are still visible and stil(theblock.co)decrypt.co) ### Bottom line April’s $630 million was not just a bad month. It was a reminder that crypto’s biggest failures now happen at the seams — where humans, bridges, governance, and infrastructure meet. That is harder to audit, harder to decentralize, and, turns out, exactly where the biggest attackers keep aiming. (cointelegraph.com)