In April 2026, the DeFi (Decentralized Finance) sector suffered a severe blow, with total losses from various security incidents exceeding $620 million, marking the most severe single-month record since February 2025.

Among these, two major attacks accounted for the majority of the losses: on April 1st, the Solana ecosystem perpetual contract platform Drift Protocol was compromised through social engineering infiltration and multi-signature governance failure, resulting in theft of approximately $285 million; on April 18th, the LayerZero cross-chain bridge of the liquidity re-pledge protocol KelpDAO was exploited due to configuration flaws, with hackers minting and transferring about $293 million worth of rsETH out of thin air. Additionally, at least 10 smaller-scale vulnerabilities, supply chain attacks, phishing scams, and other incidents involving Rhea Finance, Volo Protocol, and others further intensified industry security panic.

This month’s attacks exhibit new characteristics of “state-level hacker dominance, systemic infiltration, and cross-chain infrastructure breaches,” challenging the traditional defense system that relies solely on smart contract audits and damaging the overall trust in the crypto market.