DeFi hack surge

Decentralized finance, or DeFi, lets people trade, borrow and lend through code instead of a bank — and in April that code and the people running it were hit again and again. Since April 1, at least a dozen DeFi protocols and crypto firms have been attacked, after the $280 million Drift Protocol exploit opened the month. (cointelegraph.com) DeFi protocols hold user funds in smart contracts, which are programs that move money automatically when preset rules are met. When those rules are wrong, or when an attacker gets control of a key that can change them, funds can be drained in minutes across multiple chains. (immunefi.com) The biggest single hit in this stretch was Drift Protocol on April 1, when attackers stole about $280 million in what Rekt described as a six-month social-engineering campaign rather than a code break. Rekt said the attackers used “a fake token” and trust built through proxies, while Cointelegraph reported the incident is suspected to involve North Korean-affiliated actors. (rekt.news) (cointelegraph.com) Smaller attacks kept landing after that. Cointelegraph reported Rhea Finance lost about $7.6 million on April 16, Silo Finance lost $392,000 on April 3, Aethir lost $423,000 on April 9, Dango lost $410,000 on April 13, and a Binance Smart Chain TMM/USDT pool lost about $1.67 million in early April. (cointelegraph.com) Security trackers are counting the damage in different ways, but all of them show a sharp jump. DefiLlama counted more than $168.6 million stolen from 34 DeFi protocols in all of the first quarter of 2026, and The Block’s DeFi exploits tracker showed attacker losses climbing through mid-April. (defillama.com) (theblock.co) That is why the recent three-week estimate topping $600 million drew attention: it suggests April alone may have already blown past the pace of January through March. Public incident tallies on social media and security dashboards have bundled DeFi exploits, related crypto infrastructure attacks, and fast-moving loss estimates as protocols disclose more details. (cointelegraph.com) (theblock.co) The attacks have not all looked alike. Hyperbridge lost about $2.5 million after a missing bounds check in a proof verifier let forged proofs pass on April 13, while Rhea Finance’s exploit was tied to fake token contracts and fresh liquidity pools that appear to have misled its pricing system. (rekt.news) (cointelegraph.com) Those mechanics matter because DeFi often links trading venues, lending pools, bridges and price feeds into one stack. A bad oracle setting at Silo, an access-control failure at Aethir, or a bug in a bridge aggregator like Dango can spill across users and counterparties that never touched the vulnerable code directly. (defillama.com) (cointelegraph.com) The industry has spent years adding audits, bug bounties and real-time monitoring, but April’s losses show those layers still miss basic failures in keys, permissions and price checks. Immunefi says it tracks crypto loss reports because hacks and scams remain a recurring source of user losses across Web3 systems that hold billions of dollars. (immunefi.com) For users, the immediate question is not whether DeFi keeps growing, but which protocols can prove they know where their weakest switch is before the next attacker finds it. April’s exploit list is already long, and the month is not over. (cointelegraph.com)