April set a grim record for the cryptocurrency industry with 29 separate hacks or exploits, the highest monthly tally in its history. The combined losses exceeded $635 million, driven by major attacks on the Solana-based exchange Drift and the Ethereum restaking app Kelp DAO, which lost a combined $579 million. Security experts pointed to centralised weak points and a surge in code bugs, with artificial intelligence making it easier for hackers to find vulnerabilities.
April was a historically bad month for cryptocurrency security. A record 29 projects suffered hacks or exploits, according to DefiLlama data.
Two major incidents dominated the losses. Hackers stole approximately $285 million from Drift and around $273 million from Kelp DAO.
The attacks have sparked a crisis of confidence among industry proponents. They are questioning the tradeoffs inherent in decentralised technology.
The problem, according to Curve Finance founder Michael Egorov, is centralisation. “We need to reduce the number of single points of failure as much as possible,” Egorov stated.
The Drift hack resulted from North Korean hackers compromising two employees. The Kelp DAO exploit leveraged a poorly configured bridge that required only a single operator.
Yet centralisation was not the only vulnerability. Code bugs caused 24 of the 29 incidents last month.
Advances in artificial intelligence are aiding hackers. Bad actors now use large language models to scan thousands of lines of code per second.
Despite their frequency, code bug exploits accounted for only $42 million of the total losses. The two major centralised failures made up the vast majority of the stolen funds.
April was not the worst month by total value stolen. Hackers reportedly stole about $3.5 billion in December 2020, primarily from Bitcoin mining company LuBian.
The next largest theft occurred in February 2023. North Korean hackers stole $1.5 billion from crypto exchange Bybit.
