Crypto hack losses top $630M in April as DeFi dominates damage

Crypto hack losses surged in April, with DeFiLlama estimating about $629.7M in value stolen across 25+ incidents—one of the worst months since February 2025. Two major exploits drove most of the damage: KelpDAO’s ~$293M hack and Drift Protocol’s ~$280M exploit together account for roughly 82% of the month’s crypto hack losses. The latest reporting highlights that risk is shifting beyond simple smart-contract bugs toward bridges, privileged access, and operational failures. Additional incidents show the breadth: Wasabi Protocol was reportedly drained of ~$5.5M across Ethereum/Base/Blast/Berachain networks (CertiK); Sweat Economy allegedly lost ~$3.46M (about 65% of its liquidity pool) in under 30 seconds, and the team later said funds were frozen on MEXC; Aftermath Finance on Sui saw an exploit where Blockaid estimated ~$1.1M USDC stolen across 11 transactions. Chainalysis says attackers increasingly target off-chain infrastructure and human “seams” (e.g., compromised RPC nodes, cloud key-management breaches, and long-running social engineering), while on-chain activity can still look legitimate. Analysts also note that real-time monitoring helped limit repeat losses in the KelpDAO case. For traders, crypto hack losses like these can widen the perceived security risk premium for DeFi liquidity and pressure sentiment in the short term, especially for bridge- and integration-heavy protocols.