Crypto Hackers Hit DeFi for $92M in April as Attacks Double from March
Cryptocurrency hackers have dealt another devastating blow to the industry, with digital asset thefts reaching a staggering $92 million in April. According to an April 30 research report by blockchain cybersecurity firm Immunefi, the total marks a 124% month-over-month increase from March, when hackers stole $41 million.
The total amount stolen in April is a significant jump from the estimated $1.49 billion lost in 2024. With this latest round of attacks, hackers have already surpassed the previous year's losses, and the trend shows no signs of slowing down. As of the end of April, hackers have stolen more than $1.7 billion worth of digital assets in 2025 alone.
The majority of the damage was caused by a single hack on an open-source platform, UPCX, which accounted for over $70 million in losses. KiloEx suffered a second-largest attack, with hackers making off with $7.5 million. The good news is that the KiloEx exploiter returned the stolen funds just days after the attack occurred.
All of April's reported attacks targeted decentralized finance (DeFi) platforms, while centralized exchanges reported no incidents during the month. This highlights the vulnerability of DeFi protocols to cyberattacks and the need for robust security measures to prevent such breaches.
"The sheer scale of the attack shows how state-backed actors are arguably the most pressing threat to our industry," said Mitchell Amador, Founder and CEO of Immunefi. "This is a reminder of the need for security measures that protect the entire security stack and help protocols prevent catastrophic attacks before they happen."
Amador called for protocols to adopt a "zero-trust" approach and implement more robust protections across the entire technology stack. He emphasized the importance of bug bounties, regular audits, and formal verifications to ensure the security of smart contracts and backed infrastructure.
The State of Crypto Security
According to Eric Jardine, Chainalysis' cybercrimes research Lead, the state-backed North Korean Lazarus Group's pause in the second half of 2024 may have been a repositioning in preparation for staging the world's largest hack on Bybit. This highlights the ongoing threat posed by state-sponsored actors and the need for continued vigilance and cooperation between industry stakeholders.
The Industry Reacts
The recent surge in crypto hacking incidents serves as a wake-up call for the industry to take security measures seriously. With over $190 billion in user funds protected by Immunefi, it's clear that cybersecurity is an ongoing battle. As Amador noted, the industry must work together to prevent catastrophic attacks and ensure the integrity of DeFi protocols.
A Call to Action
As the crypto landscape continues to evolve, it's essential for developers, investors, and regulators to prioritize security and collaborate on solutions. By adopting a "zero-trust" approach and implementing robust protections across the entire technology stack, we can reduce the risk of devastating attacks like the one that occurred in April.
The financial impact of these hacks is staggering, but the real concern is the damage they cause to user trust and confidence in the industry. As the crypto community comes together to address this issue, it's clear that a new era of security awareness is underway.