#Gate广场五月交易分享

DeFi Losses Top $600M in April — The Worst Month in Crypto Security History

April 2026 is now confirmed as the most destructive month in decentralized finance history. DeFiLlama recorded 28–30 separate exploit incidents with losses exceeding $635 million, while CertiK's final monthly report pegged the total at approximately $651 million the worst figure since March 2022 when the industry lost roughly $715 million. This single month wiped out 3.7 times the entire Q1 2026 total of approximately $164 million and represented a staggering 1,140% surge over March's $52.2 million in losses. The hashtag #DeFiLossesTop600MInApril is confirmed, data-verified reality.

Two Megahacks Drove 93% of April's Losses

Drift Protocol (April 1): ~$285 million stolen. TRM Labs traced the attack to North Korean group UNC4736 (Citrine Sleet), which spent six months socially engineering Drift team members on Solana. The attacker gained control of a privileged AWS signing key, minted nearly 80 million USR tokens against minimal collateral, and drained USDC, JLP, SOL, and other assets from storage pools.

KelpDAO (April 18): ~$293 million stolen. The root cause was a catastrophic 1-of-1 Decentralized Verifier Network (DVN) configuration on KelpDAO's LayerZero V2 bridge. The attacker attributed to Lazarus Group (TraderTraitor) accessed two verifier nodes, injected fake cross-chain messages, then launched a DDoS attack against legitimate RPC nodes to force failover to attacker-controlled infrastructure. They drained 116,500 rsETH. LayerZero confirmed that a multi-DVN configuration would have prevented this entirely. Together, these two attacks comprised 93% of April's total dollar losses and both entered the top 10 biggest crypto hacks since 2021.

The Aave Cascade: $13B DeFi TVL Compression in 48 Hours

The KelpDAO attacker deposited $249.7 million of stolen rsETH as collateral on Aave V3 and V4 across Ethereum and Arbitrum, borrowing 83,427 WETH and wstETH (~$228.2 million real assets) against unbacked tokens. This created ~$196 million in Aave bad debt. Aave froze rsETH markets within hours, but panic cascaded: $8.45 billion in deposits fled Aave in 48 hours, driving a $13.21 billion decline in total DeFi TVL from $99.497 billion to $86.286 billion, a 13% compression in two days. The AAVE token dropped 16%. Ethereum saw $1.6 billion in DeFi outflows on April 24 alone.

North Korea: 76% of All 2026 Crypto Hack Losses

TRM Labs reports North Korean state-backed hackers account for 76% of all crypto hack and scam losses in 2026, with $575 million stolen in just 18 days from Drift and KelpDAO. Their total attributed thefts since 2017 exceed $6 billion. BeyondTrust's deputy CISO stated: "North Korea stole $575 million in 18 days because the infrastructure had single points of trust, no provenance validation, and governance structures that could not respond at the speed of the attack."

Attack Methodology Shift and Recovery Complications

April's exploits reveal a shift from smart-contract bugs to multi-layer threats combining social engineering, bridge spoofing, and infrastructure compromise. Four smaller exploits also targeted bridge components. Cross-chain bridges marketed as decentralized remain single points of failure. Recovery faces new obstacles: on-chain investigator ZachXBT exposed law firm Gerstein Harrow LLP filing fraudulent claims over $71 million in frozen KelpDAO ETH, attempting to prioritize a 2015 judgment over actual 2026 hack victims. Lazarus Group is suspected of moving $175M in ETH despite Arbitrum freezing $71M.

April 2026 proved three things: single-DVN bridge configurations are catastrophic attack surfaces, liquid restaking tokens as collateral create systemic risk that can compress $13B in TVL in 48 hours, and nation-state attackers now operate with months of social engineering combined with infrastructure-scale technical exploits. Multi-DVN configurations, provenance validation, and AI-driven continuous auditing are minimum survival requirements. The losses are verified. The structural vulnerabilities are documented. Unless DeFi fundamentally re-engineers its securit