April 2026 Sets All-Time Record for Number of Crypto Hacks

A record-breaking month for crypto exploits

April 2026 has earned the unwanted distinction of being the most-hacked month in crypto history by number of incidents. According to DeFiLlama, more than 20 separate attacks occurred over the 30-day period, surpassing all previous monthly totals.

"April ends as the most-hacked month in crypto history, by number of incidents." — DefiLlama.com (@DefiLlama), original post

Blockchain security firm CertiK estimated combined losses from exploits at approximately $651 million. While that figure did not set an all-time monetary record, the sheer number of individual hacks exceeded any previously recorded month. CertiK noted that April's losses were the highest since March 2022 (~$715 million), excluding the Bybit incident in February 2025.

"Combining all the incidents in April we've confirmed ~$651M lost to exploits with ~$3.5M of the total attributed to phishing. April has had the highest losses recorded since March 2022 (~$715M), excluding Feb 2025 (Bybit)." — CertiK Alert (@CertiKAlert), original post

Why this matters

The unprecedented wave of exploits raises serious questions about the maturity of security practices across the DeFi ecosystem. With 24 projects compromised across multiple blockchains — Ethereum, Solana, Polkadot, and Sui — the problem appears systemic rather than isolated. Attackers employed a wide range of techniques from social engineering to cross-chain message forgery, suggesting that code audits alone are insufficient to prevent breaches.

The biggest incidents

Analyst Stacy Muur compiled a comprehensive list of affected protocols and pools, counting 24 separate theft events during the month.

"Full list of protocols & pools exploited in April (+2 since yesterday) ↓ Wasabi Protocol: $ unknown, Sweat: $3,500,000, Aftermath Finance: $114,000, Judao: $228,000, Singularity Finance: $413,000, ZetaChain: $300,000, Scallop Lend: $150,000, Purrlend: $1,500,000, Giddy:…" — Stacy Muur (@stacy_muur), original post

Kelp — $292 million

The largest single exploit targeted the Kelp protocol, resulting in $292 million in losses. The attack created cascading "bad debt" problems within lending protocol Aave, forcing its community to seek emergency loans and donations to cover the shortfall.

Drift Protocol — over $280 million

Solana-based Drift Protocol suffered the second-largest hack at more than $280 million. The project's team stated that the exploit was not caused by a code bug but rather a carefully planned operation involving social engineering tactics prepared over approximately six months.

Hyperbridge, Wasabi, and others

Polkadot-based Hyperbridge lost $2.5 million due to forged cross-chain messages. The attacker minted roughly 1 billion DOT tokens and sold them on the market.

On April 30, Wasabi Protocol was compromised with losses exceeding $5 million. Two days earlier, Ethereum infrastructure project Syndicate was hit for approximately $330,000, and Aftermath Finance on Sui had about $900,000 in USDC drained. ZetaChain was attacked on April 27 — developers stated the incident only affected the team's internal wallets, with losses totaling $333,868.

Mass wallet draining on Ethereum

Toward the end of the month, a researcher known as Wazz flagged the mass draining of hundreds of Ethereum wallets — many of which had been dormant for over seven years.

"Hundreds of wallets (many of which haven't been active in 7+ years) just got drained by the same address on ETH mainnet. Seems like a new live exploit, worth flagging." — Wazz (@WazzCrypto), original post

Phishing and the broader loss picture

Of the total losses, approximately $3.5 million was attributed to phishing attacks. Other affected protocols included Sweat ($3.5 million), Purrlend ($1.5 million), Singularity Finance ($413,000), ZetaChain ($300,000), Judao ($228,000), Scallop Lend ($150,000), and Aftermath Finance ($114,000).

April's relentless string of exploits underscores the urgent need for a comprehensive rethinking of DeFi security — spanning smart contract design, social engineering defenses, and cross-chain vulnerability management.