Blockchain analytics platform DefiLlama has reported that April 2026 recorded the highest number of cryptocurrency hacking incidents in a single month, with approximately 28 to 30 separate exploits. This volume surpasses all prior months, marking a troubling milestone even as the broader crypto market has matured and total value locked (TVL) has grown.
Losses for April alone exceeded $600 million, pushing year-to-date 2026 hack totals to nearly $770 million. Major breaches included those affecting Drift Protocol on Solana and Kelp DAO on Ethereum, which together accounted for $579 million in losses. The sheer number of smaller incidents, however, signals a widespread uptick in attacker activity across protocols, bridges, and infrastructure layers.
According to TRM Labs, North Korea-linked groups were responsible for 76% of all crypto hack losses in 2026 through April, extracting $577 million from just two high-profile operations. Pyongyang’s cumulative attributed theft since 2017 now exceeds $6 billion, with its share of global losses climbing from under 10% in 2020–2021 to 64% in 2025.
Chainalysis's 2026 Crypto Crime Report, reviewing 2025 data, similarly shows hack-related losses surpassing $2 billion that year, while total illicit cryptocurrency flows reached an estimated $154 billion—a 162% increase from the prior year. The report flags nation-state sanctions evasion and industrialized fraud ecosystems as key drivers.
Security researchers note that rising capital inflows appear to attract increasingly sophisticated adversaries, who blend social engineering, admin-key compromises, and smart-contract logic flaws. The attacks on Drift and Kelp DAO both ultimately exploited centralized weak points. North Korean hackers compromised two Drift employees through an elaborate social engineering campaign, enabling them to steal $285 million. For Kelp DAO, a misconfigured LayerZero bridge requiring only a single operator was exploited, resulting in $273 million in losses.
Despite code bugs causing 83% of April’s 29 incidents, they accounted for only $42 million (6.6%) of total losses. Experts from firms like CertiK, SlowMist, and Elliptic highlight recurring vulnerabilities including private-key compromises, multisig failures, and oracle manipulations. The record incident count in April serves as a clear inflection point, eroding confidence and raising compliance costs across the ecosystem.
