Crypto exploit losses jump 10x in April as attacks shift from frequent to catastrophic

Crypto exploit losses surged past $630 million in April, marking one of the worst months for security breaches in recent years and signaling a shift in how risks are emerging across the ecosystem. Data shared by CertiK shows April losses exceeding $633 million, driven largely by two major incidents — the Kelp DAO exploit and the Drift Protocol breach.  Combined, both accounted for roughly $576 million, highlighting how a handful of attacks can now dominate monthly totals. From steady losses to sudden spikes The scale of April's losses stands in sharp contrast to March. CertiK reported approximately $59.5 million in total losses for March 2026, spread across 145 separate incidents. Most March exploits were relatively contained. Wallet compromises, phishing attacks, and smaller smart contract vulnerabilities made up the bulk of losses. The largest single incident during that period was just under $27 million. April tells a different story. Instead of a high number of smaller exploits, losses concentrated around a few large-scale failures, pushing the total more than ten times higher in a single month. Fewer incidents, greater impact The shift suggests a change in attacker behavior and risk exposure. Rather than targeting isolated vulnerabilities, recent exploits have focused on critical infrastructure layers within DeFi. The Kelp DAO incident, for example, exploited cross-chain mechanisms and triggered a shortfall in rsETH backing, which spread across multiple protocols.  This exposure forced platforms like Aave to implement emergency measures, including pausing affected markets and coordinating recovery efforts. Similarly, the Drift Protocol exploit involved a compromise of privileged access, allowing attackers to manipulate core platform functions. The breach led to losses estimated at over $280 million and raised concerns about governance and operational security. Systemic risk replaces isolated failures April's events highlight how interconnected DeFi protocols have become. Unlike earlier exploits that impacted single platforms, recent incidents have produced second-order effects across lending markets, liquidity pools, and collateral systems. This interconnectedness means that a vulnerability in one protocol can quickly translate into broader financial stress elsewhere. In the case of rsETH, the initial exploit created pressure on leveraged positions, raising the risk of liquidations and bad debt across multiple platforms. A new phase for crypto security The data points to a broader transition in crypto security risks. The number of incidents no longer defines losses; rather, it is the scale and systemic impact of a few high-profile attacks. While phishing and wallet compromises remain common, the largest financial damage now stems from infrastructure-level failures, including cross-chain bridges, governance controls, and oracle dependencies. Final Summary Crypto exploit losses exceeded $630 million in April, up from about $59.5 million in March, a more than tenfold increase. The shift reflects a move from frequent, small attacks to fewer, more damaging exploits with systemic impact across DeFi.