Crypto protocols lost over $606 million to exploits in just the first 18 days of April 2026, marking the worst month for DeFi hacks since February 2025. According to data from DefiLlama, the total spanned 12 distinct exploits and was nearly four times the $165.5 million lost in the entire first quarter of 2026.
The surge in losses was driven by two major incidents: a $290 million compromise at KelpDAO’s cross-chain bridge and a $285 million exploit at Drift Protocol. Together, these attacks accounted for 95% of April’s total losses and 75% of the $771.8 million recorded across incidents so far this year.
KelpDAO’s bridge exploit drained 116,500 rsETH tokens by leveraging a single-verifier configuration, with stolen tokens used as collateral to borrow funds across multiple lending platforms. The resulting flash liquidation and forced lending freezes triggered a rapid deposit flight, exacerbating the downturn.
The Drift Protocol exploit, attributed to sophisticated governance manipulation, used pre-signed administrative transactions to seize governance control and user funds across trading, lending, and vault deposits. More than $232 million in USDC was bridged to Ethereum via Circle’s cross-chain transfer protocol over 100 transactions.
The fallout exposed vulnerabilities in DeFi’s security infrastructure, particularly in cross-chain bridges and decentralized governance mechanisms. Analysts warn that failure to adopt multi-verifier setups and robust governance checks leaves protocols open to both infrastructure-level and social-engineering attacks.
Following the KelpDAO incident, total value locked (TVL) across DeFi dropped by over 7% within 24 hours, with Aave’s TVL falling from $26.4 billion to $17.9 billion. The rapid decline underscores the systemic risk posed by interconnected collateral across lending protocols.
Hack frequency has climbed sharply, with 47 incidents recorded through mid-April 2026 compared to 28 during the same period in 2025—a year-over-year increase of about 68%. Observers note that rising hack frequency, even as loss totals remain below the inflated Bybit breach of February 2025, indicates a persistent threat environment.
In response, DeFi protocols have initiated emergency freezes and paused key markets to contain contagion. Security standards and risk-pricing models are under scrutiny as projects seek to restore user confidence. Analysts recommend prioritizing multi-layered verification and continuous off-chain infrastructure monitoring.
The April surge has reignited calls for unified security frameworks and industry collaboration on threat intelligence sharing. As protocols rebuild and audit infrastructure, DeFi’s growth will depend on its ability to balance innovation with rigorous security practices and standardized certification requirements.