Hackers Had Their Best Month Ever in April 2026 — Here’s What Happened

TLDR

• April 2026 was the most-hacked month in crypto history by number of incidents, according to DeFi Llama
• Over 24 hacks were recorded, with more than $600 million stolen in total
• The Kelp DAO exploit was the largest single attack at $292 million
• Drift Protocol’s hack ranked second at over $280 million, described as a six-month “structured intelligence operation”
• A new live exploit draining dormant Ethereum wallets was flagged on April 30

April 2026 went down as the worst month ever recorded for crypto hacks, not by the amount stolen, but by the sheer number of attacks. DeFi Llama, a data tracking firm, confirmed that the number of exploits in April easily surpassed 20, which appears to be the first time that threshold has ever been crossed in a single month.

Crypto commentator Stacy Muur counted at least 24 separate incidents by late April, with total losses exceeding $600 million.

The biggest single attack of the month hit Kelp DAO, a DeFi protocol, for $292 million. The incident triggered concerns about bad debt at Aave, one of DeFi’s largest lending platforms. Several organizations responded with emergency loans and donations to help cover the shortfall.

The second-largest hack involved Drift Protocol, a Solana-based perpetuals exchange, which lost over $280 million. Drift later said the attack was not a simple code exploit. The team described it as a “structured intelligence operation” that had been in the works for around six months.

Social Engineering, Not Just Code Bugs

The methods behind April’s hacks are drawing attention on their own. One observer on X, posting under the name CuriousCrypto, noted that Drift and Kelp DAO were not brought down by technical vulnerabilities in their code. Instead, attackers used social engineering to target humans with access to admin keys.

This distinction is important. It means better code audits alone may not have prevented these attacks.

Another attack in April hit Hyperbridge, a Polkadot-native protocol, for $2.5 million. The attacker initially pulled around 245 ETH, then used a forged cross-chain message to bypass a key security check. This allowed them to mint approximately one billion bridged DOT tokens and sell them on the market.

Dormant Wallets Drained on Ethereum

On April 30, onchain analyst Wazz flagged what appeared to be a new, live exploit on Ethereum mainnet. Hundreds of wallets, many of which had not been active in over seven years, were drained by the same address in a short window of time.

The Lazarus Group, a hacking team linked to North Korea, was attributed with nearly 95% of April’s total losses, according to one report. The group had previously been connected to the $1.4 billion Bybit hack in February 2025.

DeFi Llama noted that while three previous months in crypto history saw total losses top $1 billion, April’s record stands on the volume of attacks rather than the dollar total.

The Arbitrum DAO began a vote on April 30 to release 30,766 frozen ETH to DeFi United, a move connected to the fallout from the Kelp DAO attack.

The post Hackers Had Their Best Month Ever in April 2026 — Here’s What Happened appeared first on CoinCentral.