Crypto hackers hit DeFi for $92M in April as attacks double from March

Cryptocurrency hackers stole more than $90 million in April, dealing another blow to the industry’s mainstream reputation despite ongoing efforts to improve cybersecurity.

Hackers made off with $92 million of digital assets across 15 incidents in April, according to an April 30 research report by blockchain cybersecurity firm Immunefi.

The total marks a 124% month-over-month increase from March, when hackers stole $41 million.

The month’s largest hack on open-source platform UPCX accounted for most of the damage in April, withover $70 millionin losses, whileKiloEx lost $7.5 millionas April’s second-largest hack.

TheKiloEx exploiter returnedthe stolen funds just days after the attack occurred.

All of April’s reported attacks targeted decentralized finance (DeFi) platforms. Centralized exchanges reported no incidents during the month, the report noted.

Immunefi, which says it helps protect $190 billion in user funds, has paid more than $116 million in bounties to white hat hackers.

Related:Bitcoin volatility lowest in 563 days, Hayes predicts $1M BTC by 2028

State-backed threats raise alarms

The report comes nearly two months after Bybit exchangelost over $1.4 billionon Feb. 21 — thelargest hack in crypto history.

“The sheer scale of the attack shows how state-backed actors are arguably the most pressing threat to our industry,” according to Mitchell Amador, Founder and CEO of Immunefi.

“This is a reminder of the need for security measures that protect the entire security stack and help protocols prevent catastrophic attacks before they happen,” Amador told Cointelegraph, adding:

He called for protocols to adopt a “zero-trust” approach and implement more robust protections across the entire technology stack.

Related:Bunq, Europe’s second-largest neobank, expands into crypto

Bug bounties, regular audits and formal verifications will be essential to ensure to security of smart contracts and backed infrastructure, he said.

As of the end of April, hackers have already stolen more than $1.7 billion worth of digital assets in 2025, already surpassing the estimated $1.49 billion in losses for all of 2024, according to Immunefi.

The state-backedNorth Korean Lazarus Group’s pause in the second half of 2024 may have been arepositioning in preparationfor staging the world’s largest hack on Bybit, Eric Jardine, Chainalysis’ cybercrimes research Lead, told Cointelegraph.

Magazine:Financial nihilism in crypto is over — It’s time to dream big again

Explore more articles like this

Subscribe to the Finance Redefined newsletter

A weekly toolkit that breaks down the latest DeFi developments, offers sharp analysis, and uncovers new financial opportunities to help you make smart decisions with confidence. Delivered every Friday

By subscribing, you agree to ourTerms of Services and Privacy Policy