Cryptocurrency Thieves Have Plundered $17 Billion in Last Decade: DefiLlama Data
Breached private keys have dominated cryptocurrency theft losses throughout the last ten years, while modern DeFi attacks demonstrate hackers evolving past smart contract vulnerabilities.
Breaches involving private keys have become one of the cryptocurrency sector's most expensive forms of attack, with cybercriminals having stolen in excess of $17 billion through 518 documented incidents spanning the previous ten years, based on information from data analytics platform DefiLlama.
According to information released on Tuesday, DefiLlama's analytics dashboard reveals that a significant proportion of these security breaches originated from stolen private keys, in addition to phishing schemes and various credential-focused attack methods.
Approximately 22.3% of these security incidents were linked to compromised private keys obtained through "brute force" techniques, while 18.2% involved private key breaches through "unknown methods," and an additional 10% resulted from phishing campaigns targeting multi-signature wallets.
These statistics contribute to mounting evidence suggesting that some of the sector's most substantial financial losses are progressively originating from vulnerabilities in wallet protection systems, transaction signing infrastructure and end-user practices, as opposed to deficiencies in the underlying protocol code by itself.
These discoveries emerge just days following the cryptocurrency sector's most significant security breach of 2026 thus far, which occurred on Saturday when a malicious actor extracted approximately 116,500 restaked Ether (rsETH), valued at between $290 million and $293 million at that moment, from Kelp DAO's LayerZero-powered rsETH bridge.
Decentralized Finance Platforms Hemorrhaged $600 Million Across Two-Month Period: GSR Research
This current surge of financial losses has severely impacted decentralized finance as well. Over $600 million has been taken from DeFi platforms during the preceding 60 days, based on a Monday analysis from cryptocurrency trading firm GSR, with the Kelp security breach and the April 1 exploitation affecting Solana-based decentralized exchange Drift Protocol representing the majority of this sum.
These security breaches are generating fresh concerns regarding whether enhancing smart contract security audits by themselves is sufficient to safeguard users. Within its analysis, GSR indicated that cybercriminals seem to be pivoting toward "operational security, signing infrastructure, developer tooling, and the humans behind them" given that smart contract security keeps advancing.
This transition is creating pressure on a sector already confronting diminishing profit margins. "DeFi yields have compressed toward TradFi rates, raising the question of whether depositing onchain is still worth the risk," GSR wrote.
Low-Effort Attacks Proliferating Through Artificial Intelligence and Malicious Software
Cybersecurity organizations indicate that developments in malicious software and artificial intelligence are facilitating social engineering and wallet-focused attacks to be executed at greater scale, which involve scammers tricking victims into sending crypto to illicit addresses by first sending them small transactions, hoping that investors copy and paste the attacker's address from the transaction history.
The emergence of hacking-as-a-service platforms is additionally reducing the entry threshold for aspiring cybercriminals, based on statements from Dyma Budorin, co-founder and CEO of cybersecurity firm Hacken.
"If people are getting these links, their wallets can be completely drained. The platform on the darknet will take the commission for their tools and [scammers] get the bigger portion of the drained wallets."
Dyma Budorin told Cointelegraph in an interview at EthCC 2026
Budorin further explained that cybercriminals typically pursue the most vulnerable targets that demand the minimal effort to defraud.
Web3 initiatives experienced losses totaling $482 million throughout the initial quarter of 2026, with phishing schemes and social engineering frauds accounting for $306 million of these losses as the predominant attack method, based on an analysis published by Hacken.
Nevertheless, certain aspects of the security landscape have shown improvement. Scam Sniffer reported in a January analysis that financial losses connected to cryptocurrency phishing attacks declined substantially throughout 2025, indicating users were developing greater awareness of these threats, despite the fact that wallet-drainer scripts and emerging malware variants remained in active circulation.