In April 2026, crypto hacks reached a record monthly high, with 29 incidents and $651 million in losses. Drift Protocol and Kelp DAO accounted for most of the losses, raising fresh concerns over DeFi security, North Korean cyber activity, social engineering attacks, and institutional trust in blockchain infrastructure
April 2026 became the worst month on record for cryptocurrency hacks by incident count, with DeFiLlama tracking 29 attacks across crypto projects. Security firm CertiK reported $651 million in losses, making April the largest monthly total since March 2022, excluding the February 2025 Bybit hack.
The wave of attacks turned attention back to DeFi security, admin key access, and state-backed hacking groups. At the same time, market watchers raised doubts over whether open blockchain networks are ready for large financial institutions.
Drift and Kelp DAO Drive April Losses
Drift Protocol and Kelp DAO hacks were the two largest incidents in April with combined losses reaching about $579 million. Kelp DAO recorded the biggest single loss at about $292 million, while Solana-based derivatives exchange Drift Protocol lost about $280 million.
The Kelp DAO incident also raised concerns around bad debt in DeFi lending markets. Several groups later pledged emergency loans and donations to help reduce pressure linked to the attack.
Drift Protocol said its incident followed a long social engineering campaign. The team said attackers spent about six months targeting people linked to the project before gaining access to critical systems.
The method raised concern because the attack did not appear to rely only on a smart contract flaw. An X user known as CuriousCrypto said, “Drift and Kelp were not caused by a code bug. It was social engineering carried out over months against people with admin keys.”
North Korea Link Draws More Attention
The Drift case added to concerns over North Korean cyber activity in crypto markets. According to TRM Labs, around 76% of crypto value taken through hacks this year has links to North Korea, based mainly on the Drift and Kelp DAO incidents.
TRM Labs also said North Korean hacking groups have taken more than $6 billion from crypto operations over several years. These attacks have often targeted exchanges, DeFi platforms, bridges, and teams with access to private systems.
Reports linked several major attacks to advanced social engineering. In many cases, this can include fake job offers, long online contact, malware, or attempts to reach people with access to key systems.
However, naming the attackers is not always simple in crypto hacks. Security teams usually study wallet movements, attack patterns and off-chain clues. For that reason, some claims about who was behind an attack may remain open until more evidence comes out.
Smaller Hacks Add to Security Concerns
April also included smaller attacks across the crypto sector. Polkadot-based Hyperbridge lost about $2.5 million after an attacker used a token gateway weakness.
The attacker first stole about 245 ether. About an hour later, the same attacker used a forged cross-chain message to bypass Merkle Mountain Range proof checks.
The attacker then minted and sold about 1 billion bridged DOT tokens. The case showed how bridge systems can face risks when message verification fails.
These incidents added to earlier concerns from DeFi users and institutions. Balancer’s $120 million hack last year had already raised questions because the affected smart contracts had been audited and used for years.
Wall Street Weighs Blockchain Risk
The April hack wave came as traditional finance firms explored tokenization and blockchain settlement. BlackRock and JPMorgan leaders have spoken about tokenized assets, but DeFi security remains a barrier for large institutions.
JPMorgan analysts recently said, “Persistent security vulnerabilities and a stagnant total value locked continue to limit DeFi’s institutional appeal.” The statement reflected caution from firms that need stronger controls before moving large assets onchain.
Some banks may prefer permissioned blockchain networks. These systems allow selected parties to manage access, review activity and reverse transactions when errors or theft occur.
Still, that approach raises questions about decentralization in crypto. Stablecoin issuers and blockchain teams have already frozen funds or limited transfers after attacks, showing that some crypto systems depend on central controls.
April’s record hack count therefore leaves the sector facing closer review. DeFi projects may need stronger access control, better monitoring, and clearer emergency plans as institutions assess whether blockchain infrastructure can support large-scale financial use.
