April 19, this month has become one of the most severe months in the cryptocurrency industry for losses caused by hacker attacks. As of now, at least 13 crypto protocols and platforms have been targeted with attacks of varying scales, with cumulative losses exceeding $600 million. Among them, in the two incidents involving Drift and KelpDAO, the losses each exceeded $280 million, and multiple major events have been traced back to North Korea–linked hacker groups. The main incidents include:

On April 1, Solana’s largest decentralized perpetual contract trading platform, Drift Protocol, was stolen for about $285 million. The on-chain layout began on March 11, when the attacker withdrew 10 ETH from Tornado Cash, lasting nearly 3 weeks; the actual execution on April 1 took about 12 minutes in total, and most of the funds were cross-chained to Ethereum via Circle CCTP within a few hours. This incident is the second-largest security event in Solana’s history, second only to the $326 million Wormhole cross-chain bridge incident in 2022.

On April 13, blockchain interoperability protocol Hyperbridge was attacked due to a cross-chain proof verification vulnerability, resulting in losses of about $2.5 million. On April 16, the NEAR ecosystem lending protocol Rhea Finance was attacked, with total losses of $18.4 million. Also on April 16, the Russia-related trading platform Grinex was attacked, with losses of about $15 million.

On April 18, Ethereum liquidity re-staking protocol Kelp DAO was attacked, and approximately 116.5k rsETH (worth about $292 million, accounting for about 18% of rsETH’s circulating supply) was stolen. The attackers forged cross-chain messages to induce the LayerZero EndpointV2 contract’s lzReceive function to release bridge reserves. This incident has surpassed Drift to become the largest DeFi hacking incident as of now in 2026. #GatePreIPOs首发SpaceX