Solana’s Drift Protocol was hacked on April 1, losing $280 million.
60% of funds hacked in all of 2026 were stolen in April.
In the two weeks since the April 1 Drift Protocol hack, the cryptocurrency ecosystem has recorded at least 12 additional security incidents.
According to a summary published in X by the on-chain analyst and researcher known as Jussy, the accumulated losses throughout 2026 exceed USD 450 millionand the vast majority were concentrated in the last two weeks. The hack of the Solana network’s Drift protocol alone represents more than 60% of the annual total, making April the most damaging month of the year so far.
Attack vectors ranged from smart contract exploits and oracle manipulation to social engineering, domain hijackings, and insider threats.
The hack of Drift, the largest decentralized exchange (DEX) for perpetual futures on Solana, was the starting point. As CriptoNoticias reported, the attacker combined a transaction pre-signing technique with deception of members of the protocol’s governing body, draining approximately USD 280 million in less than a minute.
Today, April 16, Drift advertisement a collaboration with Tether and other partners for up to USD 150 million to relaunch the protocol with USDT as the central settlement currency and create a recovery fund for affected users.
The cases that followed Drift during April
On April 8, a Bybit exchange security team detected and blocked a series of coordinated fake deposit attacks that They tried to credit more than 1 billion DOT coinsequivalent to approximately USD 1,240 million, without any user being affected or funds being credited incorrectly, as reported by the exchange.
On April 13, a hacker exploited a flaw in the Hyperbridge between Polkadot and Ethereum, minting 1 billion DOT tokens and obtaining approximately $237,000 in ETH before the bridge was paused.
Also on April 13, Kraken revealed that it was being extorted by a criminal group that threatened to publish videos of improper access to its internal systems. The exchange confirmed two incidents of inappropriate employee access to support data, with approximately 2,000 accounts potentially viewed. The funds were not at risk, according to Kraken.
On April 14, CoW Swap, a decentralized exchange, suffered a hijacking of its web domain that redirected users to a fake site.
By April 16, the Hyperbridge team acknowledged that total losses amount to approximately USD 2.5 millionincluding incentive pool funds on Ethereum, Base, BNB Chain and Arbitrum.
The rest of the attacks carried out in the fourth month of the year
The rest of the incidents during the period also reflect various vulnerabilities:
KuCoin, a centralized exchange, saw how they washed USD 9.5 million through more than 150 deposit addresses linked to a mixercoming mainly from a scam with a fake Ledger app in the App Store, according to researcher ZachXBT.
The Dango decentralized perpetual trading app (on Ethereum) lost USD 410,000 due to a logical flaw in its insurance fund contract, which allowed collateral to be drained instead of received. After the attack, its security team managed to recover the lost amounts and correct the code errors, according to they warned.
Additionally, researcher Jussy summarized the rest of the attacks: Silo V2 suffered an oracle exploit with losses of USD 392,000. BSC TMM (trading pair on BNB Chain) lost $1.67 million due to reserve manipulation; the Aethir and SubQuery platforms totaled USD 480,000 combined for access control failures; MONA protocol lost $61,000 due to an exploit in its burning address; and Zerion (a multi-chain wallet) was a victim of social engineering with USD 100,000 drained.
Hacks with different attack vectors
The pattern that emerges, according to the question with which Jussy closed his attack count, is that the weakness is not in a single point: “What is the weakest link right now: the code, the people or the system itself?”
The attacks of the last two weeks illustrate that there is no single point of failure in the cryptocurrency ecosystem. The Drift hack targeted the human layer by deceiving protocol signers, Hyperbridge and Dango failed to validate their smart contracts, CoW Swap was vulnerable in its web domain infrastructure, and Kraken faced an insider threat. Code, people and infrastructure turned out to be equally weak links at different times.
In that context, Charles Guillemet, CTO of Ledger, believes that artificial intelligence is accelerating this problem: “Asking a language model to analyze the security differences between two versions of a binary and generate an exploit is faster, cheaper and much more efficient than before.”