Table of Contents
April 2026: A Record Month for Crypto Hacks
April 2026 witnessed a staggering increase in cybersecurity breaches within the cryptocurrency sector, marking it as the most hack-heavy month recorded. According to DeFiLlama, a prominent decentralised finance data platform, a total of 28 hacks were documented, resulting in cumulative losses amounting to approximately US$635.2 million (AU$882.0 million). Two significant infrastructure failures were primarily responsible for this unprecedented financial damage.
Major Incidents and Losses
Prominent incidents from April have been highlighted in DeFiLlama’s hack database. The most substantial breach took place at KelpDAO, where attackers siphoned off a remarkable US$293 million (AU$407.3 million). Following closely was an exploit involving Drift Protocol, which experienced losses of US$285 million (AU$396.2 million). These two incidents together constituted about 91% of the total monetary losses for the month, with a combined figure of US$578 million (AU$803.4 million).
The remaining breaches included notable, albeit smaller, losses from various platforms. For instance, Rhea Lend recorded losses of US$18.4 million (AU$25.6 million), while Grinex and Wasabi Perps faced losses of US$15 million (AU$20.9 million) and US$5.5 million (AU$7.6 million), respectively. Additionally, there were over 20 other incidents affecting DeFi, wallets, and infrastructure.
KelpDAO Bridge Exploit
Further investigation by Chainalysis, a leading blockchain analysis firm, revealed that the KelpDAO breach involved an estimated US$292 million (AU$405.9 million) stolen by attackers affiliated with North Korea’s Lazarus Group on April 18. Notably, this incident was attributed not to a flaw in the smart contract layer, but rather to deficiencies in off-chain verification protocols.
Chainalysis detailed that compromised RPC nodes and targeted denial-of-service attacks against external nodes misled the verification process. Thus, a transaction was incorrectly deemed valid despite being built on manipulated underlying data. Following the exploit, KelpDAO took decisive action by pausing contracts to prevent further attempts, which included stopping a second theft of 40,000 rsETH, equivalent to approximately US$95 million (AU$132.1 million). Additionally, the Arbitrum Security Council managed to freeze 30,766 ETH that the attackers had attempted to move.
Ripple Effects on Aave
The aftermath of the KelpDAO exploit led to dramatic liquidity shifts in various protocols. In a rapid sequence of events, the KelpDAO bridge adapter released 116,500 rsETH within a single block, which allowed the attacker to loop collateral through lending platforms such as Aave, Compound, and Euler. This chain of transactions resulted in roughly US$236 million (AU$328.0 million) in wrapped ETH (WETH) and staked ETH (wstETH) being exploited in a mere 46 minutes.
According to data from Glassnode, the available liquidity in Aave’s V3 Ethereum Core plummeted from US$9.77 billion (AU$13.58 billion) to US$5.75 billion (AU$7.99 billion) within a mere 29 hours post-exploit. Specifically, liquidity for WETH fell alarmingly from US$689 million (AU$957.7 million) to just US$1.5 million (AU$2.1 million) by 7:00 p.m. UTC on the same day as utilisation rates shot up to 100%. Although Glassnode noted that the individual components of the protocol—including contracts, oracles, and liquidation mechanisms—functioned correctly, the incident significantly underscored the potential vulnerabilities posed by bridge verification inaccuracies, which can lead to cascading liquidity crises in lending ecosystems.
Conclusion
April 2026 serves as a stark reminder of the vulnerabilities inherent within the cryptocurrency realm. With the exponential increase in exploits, there are pressing calls for enhanced security measures across decentralised platforms to mitigate such risks. The incidents at KelpDAO and Drift Protocol highlight critical areas of concern related to off-chain infrastructure and its implications for market stability, beckoning a collaborative effort from the wider crypto community to bolster security frameworks.
