- April 2026 set a record with 29 crypto hacks totaling $651 million in losses.
- North Korea stole $575 million in just 18 days through the Drift and Kelp DAO attacks.
- Cross-chain bridges remain single points of failure despite decentralization claims.
Gizmodo reports that April 2026 became the worst month on record for crypto hacks, with 29 incidents tracked by DefiLlama resulting in $651 million in losses. The previous record was set in March 2026 with $423 million in losses.
North Korea’s Lazarus Group was responsible for $575 million of the April losses, or 88% of the total, according to Gizmodo. The group executed two massive attacks in just 18 days: the Drift protocol exploit ($504 million) and the KelpDAO exploit ($71 million).
“The scale of these attacks is unprecedented,” said a spokesperson for the Blockchain Intelligence Group. “Lazarus Group has become the most sophisticated state-sponsored hacking operation in crypto history.”
Bridge Vulnerabilities Exposed
Cross-chain bridges remain the single biggest vulnerability in the crypto ecosystem, accounting for 60% of all hack losses in 2026, according to CoinDesk. Despite claims of decentralization, most bridges rely on centralized infrastructure that can be exploited.
The Drift protocol exploit was particularly devastating because it targeted a bridge connecting Solana to other chains. Attackers found a vulnerability in the bridge’s smart contract that allowed them to mint unlimited tokens and drain liquidity pools.
Bridge security has improved since the early days of DeFi, but the complexity of cross-chain transactions creates new attack vectors. Developers must implement rigorous security audits and bug bounty programs to protect user funds.
The crypto industry is investing heavily in bridge security, with over $2 billion allocated to security research and development in 2026, TechCrunch reports. However, hackers continue to find new vulnerabilities faster than they can be patched.
North Korea’s Crypto Heists
North Korea’s Lazarus Group has stolen over $6 billion in cryptocurrency since 2017, making it the most prolific state-sponsored hacking operation in history. The group uses sophisticated techniques to exploit vulnerabilities in crypto protocols and exchanges.
The group’s success is due in part to its state backing and access to advanced hacking tools. Lazarus Group operates with near-impunity, as North Korea is not subject to international law enforcement cooperation.
“Lazarus Group represents an existential threat to the crypto industry,” said a former FBI cybercrime investigator. “Until we can hold state-sponsored hackers accountable, these attacks will continue.”
The U.S. government has imposed sanctions on individuals and entities connected to Lazarus Group, but these measures have had limited impact. The group continues to evolve its tactics and find new targets.
April’s record losses have renewed calls for stronger crypto security regulations and international cooperation to combat state-sponsored hacking. The industry is working on new security standards, but implementation remains slow.
