Home > Blog > April 2025 Crypto Breaches Surpass $630 Million Ma...

April 2025 Crypto Breaches Surpass $630 Million Mark in Worst Month Since February

Alex Mitchell By Alex Mitchell
30.04.2026, 12:41

April 2025 Crypto Breaches Surpass $630 Million Mark in Worst Month Since February

Over 25 separate crypto security breaches in April have resulted in combined losses exceeding $630 million, marking the highest figure in recent months as DeFi platforms face escalating attacks despite enhanced security protocols.

A dramatic escalation in security breaches has plagued the cryptocurrency sector throughout April, with total losses exceeding $600 million in what represents the industry's most damaging month for hacks in over twelve months.

Data from DeFiLlama indicates that April's accumulated value from hacking incidents has reached $629.7 million, representing the most substantial figure since the $1.47 billion recorded in February 2025. The decentralized finance (DeFi) sector has emerged as the primary victim during this period, with the KelpDAO breach resulting in $293 million in losses and the Drift Protocol exploitation causing $280 million in damages—together comprising 82% of the month's total stolen funds.

DeFi hacks chart
Source: DeFiLlama

The fact that losses are concentrated among just a few major DeFi breaches demonstrates how even a limited number of sophisticated attacks can overshadow the wider security advancements being implemented throughout the industry. Analysis of these hacking incidents has also shown that the primary vulnerabilities increasingly stem from bridge exploits, unauthorized privileged access points, and operational breakdowns, moving beyond the traditional focus on smart contract coding errors.

DeFi platforms experience dramatic April hack escalation

Among the most recent security incidents was an attack on Wasabi Protocol, a DeFi derivatives trading platform, which according to Certik had approximately $5.5 million drained from its reserves across multiple blockchain networks including Ethereum, Base, Blast, and Berachain, with the exploitation still active at the time of reporting.

Additional recent breaches include Sweat Economy, a move-to-earn cryptocurrency application, which according to reports experienced a loss of $3.46 million—representing approximately 65% of its total liquidity pool—in a timeframe of less than 30 seconds. Subsequently, the protocol announced that the stolen assets were successfully frozen on the MEXC exchange immediately following the incident, with fund recovery operations currently in progress.

Sweat Economy hack
Source: Jussy

Aftermath Finance, which operates as a decentralized trading platform built on the Sui blockchain infrastructure, also fell victim to recent DeFi security breaches through an exploitation of its perpetuals trading platform. Data from Blockaid reveals that the malicious actor successfully extracted approximately $1.1 million in USDC stablecoin through 11 separate transactions executed over a period of roughly 36 minutes.

Security analysts from Chainalysis identify attackers targeting off-chain infrastructure instead of smart contract vulnerabilities

The surge in cryptocurrency exploitations throughout April represents an evolution toward increasingly sophisticated, multi-layered attack strategies that focus on offchain infrastructure components rather than exploiting vulnerabilities within smart contract code itself, according to Yaniv Nissenboim, who serves as head of security solutions at blockchain analytics firm Chainalysis, in his statement to Cointelegraph.

"What connects these incidents is that well-resourced attackers are finding novel ways to exploit the seams between on-chain protocols and the offchain systems they depend on,"

Yaniv Nissenboim, Chainalysis

Among the vulnerable entry points being exploited are compromised remote procedure call (RPC) nodes, security breaches affecting cloud-based key management infrastructure, and extended social engineering operations targeting personnel, according to his analysis. Frequently, blockchain transactions continue to display completely legitimate characteristics even after infrastructure components or human access control layers have already been successfully compromised by attackers.

According to Nissenboim, the implementation of real-time surveillance systems and automated protection mechanisms are becoming essential security measures, with particular attention to detecting anomalies including unusual minting activity patterns and discrepancies across multiple blockchain networks that can be identified immediately. He noted that in one particular instance, swift detection capabilities successfully prevented an additional theft attempt worth approximately $95 million during the KelpDAO security incident.

Standard Chartered's team of analysts, under the leadership of Geoffrey Kendrick, has characterized the KelpDAO incident as evidence of DeFi's increasing resilience and maturity rather than representing a catastrophic failure that undermines the sector's viability.

"While the recent KelpDAO theft and its impact on AAVE have raised questions around continued DeFi banking growth, we expect growth to remain on track as a maturing DeFi industry puts solutions in place to reduce vulnerabilities,"

Standard Chartered research note