The cryptocurrency industry is grappling with an escalating hacking crisis, as social engineering attacks become the primary vector for massive thefts. Michael Pearl, vice president of strategy at security firm Cyvers, told DL News that suspicious characters have approached him at crypto conferences, pitching too-good-to-be-true investment opportunities that often come with malicious links. This psychological manipulation, known as social engineering, has become the starting point for numerous high-profile heists, including the $1.5 billion Bybit hack in February 2025, a $282 million theft from a single crypto holder in January, and the recent Drift Protocol attack.
Security experts point to humans as the central point of failure. Matt Price, vice president of investigations at Elliptic, noted that artificial intelligence is helping bad actors sharpen their social engineering techniques, making attacks more efficient. The Bybit hack, the largest in crypto history, occurred after attackers posing as trusted open-source contributors convinced a developer to install dodgy software. Similarly, the Drift Protocol attack involved hackers who built relationships with the exchange's team, posing as members of a legitimate trading organization, before tricking employees into signing transactions that handed over admin control, resulting in nearly $300 million in stolen assets.
According to data from DefiLlama, hackers stole more than $2.5 billion last year, and so far this year, criminals have stolen $786 million from crypto projects. While decentralized finance (DeFi) protocols are the primary target, centralized systems like Coinbase have also been hit. Some experts, like David Schwed of SVRN, are skeptical of the narrative that AI is an unimaginable threat, arguing instead that many DeFi projects are built with poor security and that hackers simply find vulnerabilities faster.
The crisis was further highlighted by the $292 million hack of Kelp DAO on April 18, 2026, the largest DeFi exploit of the year so far. According to a CoinGecko analysis, the attack exploited a single misconfigured security setting in Kelp DAO's LayerZero bridge. The Decentralized Verifier Network (DVN) was configured as a 1-of-1 setup, relying on just one signer for cross-chain message approval, rather than the minimum secure standard of 2-of-2. This single point of failure allowed an unidentified attacker, reportedly linked to the DPRK-affiliated TraderTraitor group, to mint 116,500 unbacked rsETH tokens and use them as collateral to borrow roughly $230 million in assets on the Aave lending platform, saddling the protocol with bad debt.
CoinGecko's review of Dune Analytics data covering approximately 2,665 LayerZero OApp contracts found that 47 percent still operate under the risky 1-of-1 model. The top ten at-risk assets by market capitalization include Tether's omnichain USDT0 stablecoin, with $4.065 billion in circulating supply—accounting for over 87 percent of the exposed value among the top ten. While most USDT0 deployments use safer 2-of-2 settings, its contracts on Ethereum, Optimism, and Base remain on 1-of-1, raising fears of unbacked minting that could cascade into lending markets across chains. Pendle Finance's PENDLE token ranks second at roughly $229 million, followed by smaller projects like Aethir (ATH), Zama (ZAMA), and Vana (VANA).
The ecosystem reacted swiftly to the hack: protocols paused markets, froze collateral, and reviewed settings. USDT0 halted its bridging the next day, and several teams announced upgrades, including wBTC's planned shift by April 26. The incident underscores that while smart-contract bugs require costly redeployments, DVN misconfigurations can be fixed with a simple parameter change. As DeFi gains more users, secure defaults and proactive audits are no longer optional but essential for protecting user funds.
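The kind of configuration audit described above can be sketched as follows. This is an added example, not code from the article, CoinGecko, or LayerZero: the records are constructed, the addresses are placeholders, and the field names are modelled on LayerZero V2's UlnConfig struct as an assumption.

```python
# Constructed sample records, one per (OApp, route). Field names are modelled on
# LayerZero V2's UlnConfig (assumption); app names and addresses are placeholders.
SAMPLE_CONFIGS = [
    {"oapp": "bridge-a", "route": "ethereum->base",          # 1-of-1
     "requiredDVNs": ["0xDVN_A"], "optionalDVNs": [], "optionalDVNThreshold": 0},
    {"oapp": "bridge-b", "route": "ethereum->arbitrum",      # 2-of-2
     "requiredDVNs": ["0xDVN_A", "0xDVN_B"], "optionalDVNs": [],
     "optionalDVNThreshold": 0},
    {"oapp": "bridge-c", "route": "ethereum->optimism",      # same DVN listed twice
     "requiredDVNs": ["0xDVN_A", "0xdvn_a"], "optionalDVNs": [],
     "optionalDVNThreshold": 0},
    {"oapp": "bridge-d", "route": "base->ethereum",          # any 1 of 3 optional
     "requiredDVNs": [], "optionalDVNs": ["0xDVN_A", "0xDVN_B", "0xDVN_C"],
     "optionalDVNThreshold": 1},
    {"oapp": "bridge-e", "route": "base->optimism",          # 1 required + 1 of 2
     "requiredDVNs": ["0xDVN_A"], "optionalDVNs": ["0xDVN_B", "0xDVN_C"],
     "optionalDVNThreshold": 1},
]

MIN_QUORUM = 2  # the article's "minimum secure standard of 2-of-2"


def effective_quorum(cfg):
    """Count the distinct verifiers that must attest before a message is accepted.

    Assumed model: every required DVN must sign, plus `optionalDVNThreshold`
    of the optional DVNs. Addresses are compared case-insensitively so a
    repeated signer is not counted as independent.
    """
    required = {addr.lower() for addr in cfg["requiredDVNs"]}
    optional = {addr.lower() for addr in cfg["optionalDVNs"]} - required
    threshold = min(cfg["optionalDVNThreshold"], len(optional))
    return len(required) + threshold


def audit(configs, min_quorum=MIN_QUORUM):
    """Return (oapp, route, quorum) for every route with a single point of failure."""
    findings = []
    for cfg in configs:
        quorum = effective_quorum(cfg)
        if quorum < min_quorum:
            findings.append((cfg["oapp"], cfg["route"], quorum))
    return findings


if __name__ == "__main__":
    for oapp, route, quorum in audit(SAMPLE_CONFIGS):
        print(f"AT RISK  {oapp:10} {route:22} effective quorum = {quorum}")
```

Counting distinct signers rather than list length catches configurations that look like 2-of-2 on paper but still depend on one verifier.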