DeFi Platforms Face 124% Surge in April Hacks, $92M Stolen
Cryptocurrency hackers targeted decentralized finance (DeFi) platforms, stealing $92 million in April. This figure represents an increase of over 124% compared with March. The surge in attacks highlights the growing vulnerability of DeFi platforms to cyber threats. The data, provided by Immunefi, underscores the urgent need for enhanced security measures within the DeFi ecosystem. The substantial increase in the number of attacks from March to April indicates that hackers are becoming more sophisticated and aggressive in their methods. This trend poses a serious challenge for DeFi platforms, which must prioritize security to protect user funds and maintain trust in the system. The escalating frequency and severity of these attacks underscore the importance of continuous monitoring and the implementation of robust security protocols to safeguard against future breaches.
The month’s largest hack on open-source platform UPCX accounted for most of the damage in April, with over $70 million in losses, while KiloEx lost $7.5 million as April’s second-largest hack. The KiloEx exploiter returned the stolen funds just days after the attack occurred. All of April’s reported attacks targeted decentralized finance (DeFi) platforms. Centralized exchanges reported no incidents during the month. Immunefi, which says it helps protect $190 billion in user funds, has paid more than $116 million in bounties to white hat hackers.
The report comes nearly two months after Bybit exchange lost over $1.4 billion on Feb. 21 — the largest hack in crypto history. “The sheer scale of the attack shows how state-backed actors are arguably the most pressing threat to our industry,” according to Mitchell Amador, Founder and CEO of Immunefi. “This is a reminder of the need for security measures that protect the entire security stack and help protocols prevent catastrophic attacks before they happen,” Amador told Cointelegraph, adding: “Protocols must be built for resilience under the assumption that attackers will find a way in, and investors must assume that even the safest-looking interfaces or emails might be traps.” He called for protocols to adopt a “zero-trust” approach and implement more robust protections across the entire technology stack. Bug bounties, regular audits and formal verifications will be essential to ensure the security of smart contracts and backend infrastructure, he said.
As of the end of April, hackers have stolen more than $1.7 billion worth of digital assets in 2025, already surpassing the estimated $1.49 billion in losses for all of 2024. The state-backed North Korean Lazarus Group’s pause in the second half of 2024 may have been a repositioning in preparation for staging the world’s largest hack on Bybit, Eric Jardine, Chainalysis' cybercrimes research lead, told Cointelegraph.
