Crypto hack losses surged dramatically in April, crossing $630 million according to data from CertiK. This is the most damaging month for the industry since early 2025, and the sharp increase follows a relatively quiet March to show a massive change in the structure of how attacks are happening across the ecosystem.
While total incidents did not spike significantly, the financial impact did, confirming that attackers behind crypto hack losses are moving away from frequent, low-value exploits toward fewer, highly targeted breaches capable of draining hundreds of millions in a single strike.
April Was Defined by Two Catastrophic Crypto Hack Losses
According to the CertiK report, April’s crypto hack losses were not evenly distributed. Instead, they were driven by a small number of high-impact incidents that reshaped the month. Notably, the Kelp DAO exploit, which resulted in approximately $293 million in losses, and the Drift Protocol breach, which accounted for around $280 million, together made up the overwhelming majority of April’s total damage. Combined, the two incidents contributed roughly 82% of all funds lost during the month.
This concentration tells a deeper story about how crypto security risk is increasingly about critical points of failure within interconnected systems instead of multiple exploits leading to massive crypto hack losses. Unlike earlier phases of the market, these incidents point to weaknesses at a more structural level instead of strictly smart contract vulnerabilities.
The contrast with March is particularly worth noticing. Just weeks earlier, losses were spread across a large number of smaller incidents, many of which involved phishing schemes, minor contract flaws, or user-level compromises. April flipped that pattern entirely with coordinated attacks instead of fragmented threats. This suggests that attackers are becoming more strategic. It also reflects the growing complexity of decentralized finance (DeFi). As protocols become more composable and interconnected, the failure or breach of one component can cascade into others.
DeFi’s Attack Schemes Are Expanding
DeFi once again sat at the center of April’s crypto hack losses, reinforcing its position as both the industry’s most innovative and most vulnerable segment. The Kelp DAO exploit highlighted risks in cross-chain infrastructure and liquidity design, while the Drift breach pointed to potential issues in privileged access and internal controls.
These are foundational layers of how modern DeFi systems operate. As a result, the nature of risk is evolving, making it no longer enough to secure individual smart contracts, but safeguarding interactions between protocols, governance mechanisms and permissions, as well as off-chain dependencies that influence on-chain behavior.
Each additional layer introduces new complexity, and with it, new avenues for exploitation are springing up. For investors, developers, and institutions, this raises a critical question: how do you price risk in a system where failures are rare, but catastrophic when they occur? Because in this next phase, the biggest risk is not how often systems fail, but how much they take down with them when they do.
