Crypto hacks hit record April high, 20+ DeFi exploits cost $625M

April 2026 became the most-hacked month in crypto history, with 28–30 crypto hacks across 20+ separate DeFi exploits and more than $625 million stolen. The two biggest crypto hacks drove most of the damage: Drift Protocol lost about $285M on April 1, and KelpDAO lost about $293M on April 18, both linked to North Korea-linked actors. Drift’s attackers used pre-signed withdrawal instructions after months of access; KelpDAO’s incident involved manipulating token release so stolen assets appeared backed. A key downstream impact came from the KelpDAO attacker depositing stolen tokens as collateral on Aave, then borrowing nearly $190M in real ETH. This pushed Aave deposits down from $26.4B to about $17.9B within 48 hours and drove stablecoin pools to 100% utilization. Reported “bad debt” at Aave rose to roughly $124M–$230M, while withdrawals triggered liquidity and risk controls across protocols including Morpho, Spark, Lido, Yearn, Beefy, and even Ethereum-linked operations. Attribution is heavy: TRM Labs says North Korea was responsible for ~75% of all 2026 hack losses through April 2026 (about $577M of $759M), with over $6B stolen since 2017. Beyond the two anchor incidents, smaller attacks in April included Rhea Finance ($18.4M, Tether froze $3.29M but flash loans drained the rest), Grinex ($13.74M USDT), Hyperbridge ($2.5M, Polkadot), CoW Swap ($1.2M), and Wasabi Protocol (~$5M, via a compromised deployment key). For traders, the mix of faster response (e.g., emergency fund freezes) and evolving social-engineering-style exploits raises near-term risk sentiment and can pressure DeFi liquidity and TVL, even if long-term security funding improves.