Over $606 million was stolen from cryptocurrency platforms in April 2026, exposing severe security weaknesses. Data from DeFiLlama shows the losses stemmed from infrastructure breaches and smart contract vulnerabilities, with the largest single incidents hitting KelpDAO for $292 million and Drift Trade for $285 million. Analysts noted most attacks were linked to preventable issues like poor access control and flawed code logic.
A wave of high-value exploits drained over $606 million from cryptocurrency platforms in April 2026, raising serious security questions across the industry. The attacks targeted both blockchain infrastructure systems and protocol logic, revealing widespread structural weaknesses.
The largest individual loss came from the staking platform KelpDAO, which was hacked for approximately $292 million. The second largest breach occurred at Drift Trade, sustaining a $285 million loss on April 1.
These incidents followed similar patterns pointing to deeper issues in how crypto systems are built and managed. Many attacks were linked to infrastructure problems like hot wallet compromises, allowing attackers to bypass smart contract protections entirely.
A significant number of exploits also originated from protocol logic errors within smart contracts. These errors included tactics like “fake state proofs” and “misconfigured oracles,” which were manipulated to drain funds.
The impact of these hacks extends beyond immediate financial loss by reducing trust in the broader cryptocurrency ecosystem. This trend highlights a major issue where security is sometimes treated as an afterthought in the race to innovate.
