The April 1 Drift Protocol hack, worth $285 million, was the biggest hit of the month.
Wasabi, hacked on the last day of April, closed the month with an additional $5.5 million stolen.
April comes to an end, a month that will be remembered in the cryptocurrency ecosystem for the 34 hacks of decentralized finance (DeFi) protocols, which translates into more than one attack per day.
According to the monthly report of the security firm CDSecurity, published by its founder Chris Dior, April recorded losses of approximately USD 635 million, considering in the document the recent hack of Wasabi, which came to light on April 30. In this way, the total for the month represents 78% of everything stolen in the cryptocurrency ecosystem so far in 2026 (approximately USD 815 million).
The attack vectors were varied. Compromised administrative keys, smart contract manipulation, social engineering, domain hijacking, and insider threats appeared alternately throughout the month.
Hacks in DeFi during April
The most significant incidents of April by amount of stolen amounts, according to the report from CDSecurity and the monitoring of CriptoNoticias, were the following:
- Drift Protocol (April 1) — USD 285 million. The biggest hack of the month and the biggest on Solana since 2022. The attacker combined social engineering with a governance exploit to drain the Solana network’s leading decentralized perpetual futures exchange.
- Kelp DAO (April 18) — USD 293 million. An attack on the bridge of the liquid restaking platform on Ethereum, by manipulating nodes that verified the state of the network. LayerZero, the messaging infrastructure used by Kelp, attributed the attack to the Lazarus group, linked to the North Korean regime.
- Rhea Lend (April 16) — USD 18.4 million. Manipulation of the trading logic and liquidity pools of the protocol.
- Grinex (April 16) — USD 15 million. Hot wallet compromise.
- Wasabi Protocol (April 30) — According to the latest reports, USD 5.5 million was drained. Administrative key of the protocol compromised on four networks: Ethereum, Base, Berachain and Blast. From the Wasabi team They warned in a new statement who are working with specialists from SEAL911 and Blockaid to update what happened. They recommend not interacting with their smart contracts.
- Sweat Foundation (April 29) — $3.5 million. Exploit in the logic of reimbursement contracts.
- Volo Vault (April 21) — $3.5 million. Exploit in liquidity vault.
- Hyperbridge (April 13) — USD 2.5 million. Cross-chain state falsification through an exploit in the bridge between Polkadot and Ethereum that enabled the drain of USD 237,000 and the figure later reached 2.5 million.
- BSC TMM/USDT (April 4) — USD 1.67 million. Reserve manipulation on the BNB Chain network.
Smaller-scale cases of the month also cited by researcher Dior include Silo V2 ($392,000), Dango ($410,000), Denaria ($165,000), and Aethir and SubQuery Network ($480,000 combined). CoW Swap and HypurrFi were also attacked on April 14, although with no confirmed fund losses.
AI, an accelerator of the problem
Charles Guillemet, chief technology officer at Ledger, warned that artificial intelligence (AI) is reducing the cost and time required to develop exploitsas reported by CriptoNoticas.
According to Guillemet, asking a language model to analyze security differences between two versions of a program and generate an exploit is today faster, cheaper and more efficient than any previous method. The diagnosis suggests that the attack surface in DeFi is not only growing due to the proliferation of protocols, but also because the tools to attack them become more accessible.
The researcher known as Vaim synthesized the structural problem that he exposed to the Wasabi protocol, and that was repeated in several cases of the month: protocols that They concentrate administrative control in a single walletwithout requiring multiple signatures or waiting periods before executing critical changes. An architecture that, in his words, worked exactly as designed, but that turns any key compromise into a total and irreversible loss.