In April, losses in the cryptocurrency industry exceeded $600 million, with KelpDAO and Drift thefts each surpassing $280 million.

Mars Finance reports that on April 19, this month has become one of the most severe months for losses caused by hacker attacks in the cryptocurrency industry. So far, at least 13 crypto protocols and platforms have been targeted with different sizes of attacks, with cumulative losses exceeding $600 million. Among them, the two incidents involving Drift and KelpDAO each resulted in losses exceeding $280 million, and multiple major incidents have been traced back to hacker groups related to North Korea. Key incidents include:

On April 1, Solana’s largest decentralized perpetual contract trading platform, Drift Protocol, was stolen of approximately $285 million. The on-chain setup began on March 11, when the attacker withdrew 10 ETH from Tornado Cash, taking nearly 3 weeks; the actual execution on April 1 lasted about 12 minutes, and most funds were cross-chained to Ethereum via Circle CCTP within a few hours. This incident is the second-largest security incident in Solana’s history, second only to the $326 million Wormhole cross-chain bridge incident in 2022.

On April 13, the blockchain interoperability protocol Hyperbridge was attacked due to a cross-chain proof verification vulnerability, with losses of about $2.5 million.

On April 16, the NEAR ecosystem lending protocol Rhea Finance was attacked, with total losses of $18.4 million.

On April 16, a Russia-related trading platform, Grinex, was attacked, with losses of about $15 million.

On April 18, Ethereum liquidity re-staking protocol Kelp DAO was attacked; approximately 116,500 rsETH (worth about $292 million, accounting for about 18% of rsETH’s circulating supply) was stolen. The attacker forged cross-chain messages to trick the LayerZero EndpointV2 contract’s lzReceive function into releasing bridge reserves. This incident has surpassed Drift to become the largest DeFi hacking event in 2026 so far.