-
\t
- April 2026 set a record with 29 crypto hacks totaling $651 million in losses.
- North Korea stole $575 million in just 18 days through the Drift and Kelp DAO attacks.
- Cross-chain bridges remain single points of failure despite decentralization claims.
\t
\t
April 2026 became the worst month on record for crypto hacks, with 29 incidents tracked by DefiLlama resulting in $651 million in losses [Gizmodo reports](https://gizmodo.com/april-was-the-worst-ever-month-on-record-for-crypto-hacks-2000753890). This marks the largest monthly total since March 2022, excluding the February 2025 Bybit hack that saw North Korean actors steal $1.5 billion in Ethereum [Dark Reading reports](https://www.darkreading.com/cybersecurity-analytics/crypto-stolen-2026-north-korea).
The two most notable attacks—Drift and Kelp DAO—combined for $579 million in losses, both attributed to North Korean hacking groups [TechCrunch reports](https://techcrunch.com/2026/04/20/north-korea-hackers-blamed-for-290m-crypto-theft/). The Drift protocol lost $285 million on April 1 after a six-month intelligence operation by a North Korean group gained control of a privileged AWS signing key [Gizmodo reports](https://gizmodo.com/crypto-project-details-alleged-6-month-north-korean-intel-op-behind-285-million-hack-2000741330). Just 18 days later, Kelp DAO lost $290 million in 46 minutes [Frontierbeat covered](https://frontierbeat.com/2026/04/20/kelp-dao-292m-bridge-hack-layerzero-2026/).
“North Korea stole $575 million in 18 days because the infrastructure they targeted had single points of trust, no provenance validation on assets moving between systems, and governance structures that could not respond at the speed of the attack,” said Bradley Smith, senior vice president and deputy CISO at BeyondTrust. Blockchain analytics firm TRM Labs found that 76% of all crypto value extracted from hacks in 2026 is connected to North Korea, with the regime taking in more than $6 billion from crypto hacking operations over the years [Gizmodo reports](https://gizmodo.com/april-was-the-worst-ever-month-on-record-for-crypto-hacks-2000753890).
DeFi’s Structural Vulnerabilities
The recent Kelp DAO exploit highlights a structural issue in DeFi: cross-chain bridges remain a single point of failure despite being marketed as decentralized infrastructure [Forbes reports](https://www.forbes.com/sites/digital-assets/2026/04/22/crypto-hacks-continue-to-stall-adoption/). This creates an accounting challenge for auditors evaluating control effectiveness when validation mechanisms rely on off-chain infrastructure or single points of access. DeFi continues to operate in a gray zone where governance is decentralized in theory but concentrated in practice, complicating accountability when failures occur.
AI is making crypto’s security problem worse by driving down the cost and difficulty of cyberattacks [CoinDesk reports](https://www.coindesk.com/tech/2026/04/05/ai-is-making-crypto-s-security-problem-even-worse-ledger-cto-warns). Hacks and exploits caused $1.4 billion in crypto losses over the past year, and AI-generated code with increasingly sophisticated malware demands a shift toward formal verification, hardware-based security and offline storage. Ledger CTO Charles Guillemet warned that users should assume many systems will eventually fail as the economics of cybersecurity break down.
Anthropic’s new Mythos AI model is shifting DeFi security focus from smart contract bugs to deeper infrastructure risks such as key management, bridges and oracle networks [CoinDesk reports](https://www.coindesk.com/tech/2026/04/25/how-anthropic-s-mythos-model-is-forcing-the-crypto-industry-to-rethink-everything-about-security). DeFi leaders say AI will arm both attackers and defenders, pushing protocols toward continuous, AI-driven auditing and widening the gap between projects that prioritize security and those that do not. “When I think about AI-driven threats, I’m less concerned about smart contract exploits and more focused on AI-assisted attacks against the human and infrastructure layers,” said Alchemy CEO.
North Korea’s Crypto Heist Machine
North Korea’s elite government hacking squad has become highly successful at stealing crypto, with the regime using stolen funds to finance its nuclear weapons and missile programs [NBC News reports](https://www.nbcnews.com/tech/crypto/north-korea-stole-billions-crypto-2025-new-research-says-rcna249738). The United Nations and private researchers have long accused North Korea of deploying hackers to steal cryptocurrency to evade international sanctions. No country has an alleged operation like North Korea’s, whose hackers working directly for the government routinely steal such large sums from companies around the world.
Last year, North Korean hackers stole more than $2 billion in crypto, breaking their own record of $1.3 billion [TechCrunch reports](https://techcrunch.com/2025/10/07/north-korean-hackers-stole-over-2-billion-in-crypto-so-far-in-2025-researchers-say). Between 2017 and 2023, North Korean hackers stole $3 billion in cryptocurrency according to UN estimates. Other victims include Axie Infinity ($625 million in 2022), Harmony ($100 million in 2022), and WazirX ($235 million in 2024). The Lazarus Group, North Korea’s primary hacking unit, has been active for years and continues to evolve its tactics [Frontierbeat covered](https://frontierbeat.com/2026/04/22/lazarus-mach-o-man-macos-malware-keychain-stealer-bot-token-exposed/).
Hackers stole $2.7 billion in crypto in 2025, a new record for crypto-stealing hacks according to blockchain-monitoring firms [TechCrunch reports](https://techcrunch.com/2025/12/23/hackers-stole-over-2-7-billion-in-crypto-in-2025-data-shows). The biggest hack by far was the breach at Dubai-based crypto exchange Bybit, where hackers stole around $1.4 billion. In 2024, hackers stole $2.2 billion in crypto, while the year before, in 2023, the total was $2 billion. The trend shows no sign of reversing as AI tools make attacks cheaper and faster.
DefiLlama tracked 29 crypto hack incidents in April 2026.