Crypto sector faces surge of attacks: Over 12 platforms compromised following Drift Protocol breach
The cryptocurrency industry experienced a succession of security breaches impacting no fewer than 12 platforms, among them Rhea Finance and Grinex, in the aftermath of the Drift exploit this week.
A minimum of 12 decentralized finance protocols and cryptocurrency enterprises have fallen victim to cyberattacks within a span of slightly more than two weeks following the April 1 Drift Protocol breach that saw $280 million stolen.
Cryptocurrency protocols and companies that have experienced attacks since April began include CoW Swap, Hyperbridge, Bybit, Dango, Silo Finance, BSC TMM, Aethir, MONA, Zerion, and in the most recent incidents, Rhea Finance along with the Grinex exchange platform.
On April 1, the Drift Protocol experienced one of the year's most significant exploits, with approximately $280 million drained through an extended social engineering operation believed to have connections to actors affiliated with North Korea.
These security incidents are occurring against a backdrop of mounting apprehension this month regarding the potential for advancing artificial intelligence models, including Anthropic's Claude Mythos and comparable systems, to potentially facilitate cyberattacks with greater ease in the coming years.
Rhea Finance exploited for $7.6 million
On Thursday, the DeFi protocol Rhea Finance disclosed that a malicious actor "leveraged a vulnerability in Rhea's Margin Trading feature to execute a coordinated pool manipulation attack," which affected the Rhea Lend smart contract infrastructure.
Approximately $7.6 million in assets were drained from the protocol, based on findings from blockchain security company CertiK.
"The attacker created fake token contracts and added liquidity in fresh pools, likely misleading the oracle and validation layer," the security firm detailed in its analysis.
At the same time, the Grinex exchange, which has connections to Russia, halted its operations following a $13.7 million security breach on Thursday, attributing the intrusion to "unfriendly states" as the source of the attack.
An additional attack during this month targeted the Binance Smart Chain TMM/USDT liquidity pool, which experienced a reserve manipulation attack that led to losses totaling approximately $1.67 million in the early part of April, according to R3ACH Network analyst Jussy's statement on Thursday.
This incident occurred mere days after bridge aggregator Dango experienced losses of $410,000 stemming from a smart contract vulnerability on April 13.
Within the same month, the lending protocol Silo Finance suffered a loss of $392,000 on April 3 due to a misconfigured oracle exploit, and the decentralized GPU cloud computing platform Aethir experienced a $423,000 loss through an access control exploit on April 9.
DPRK ups AI social engineering attacks
Both the Drift Protocol and Zerion wallet security breaches served as illustrations of Democratic People's Republic of Korea-affiliated groups employing artificial intelligence and social engineering techniques to penetrate crypto companies with the objective of stealing authentication credentials and financial assets.
Cybercriminals successfully stole more than $168.6 million worth of cryptocurrency from 34 DeFi protocols during the first quarter of 2026, based on statistics compiled by DefiLlama.