{"id":26361,"date":"2026-04-20T16:34:51","date_gmt":"2026-04-20T16:34:51","guid":{"rendered":"https:\/\/bitunikey.com\/news\/crypto-hacks-top-600m-in-april-as-market-prices-in-security-tax\/"},"modified":"2026-04-20T16:34:57","modified_gmt":"2026-04-20T16:34:57","slug":"crypto-hacks-top-600m-in-april-as-market-prices-in-security-tax","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/crypto-hacks-top-600m-in-april-as-market-prices-in-security-tax\/","title":{"rendered":"Crypto hacks top $600m in April as market prices in \u2018security tax\u2019"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p class=\"is-style-lead\">April has already seen over $600m stolen across DeFi, bridges and wallets, turning security from a protocol\u2011level concern into a full\u2011blown market risk premium.<\/p>\n<div id=\"cn-block-summary-block_fdd66d48857c4186dcd405936b5f2fe2\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Crypto protocols have already lost more than $600m to hacks in April, led by $292m stolen from KelpDAO and $285m from Drift Protocol.<\/li>\n<li>Exploits now cut across smart contracts, infrastructure and social\u2011engineering attacks, including AI\u2011driven campaigns against wallets like Zerion.<\/li>\n<li>Between 11:00 and 13:00 UTC, mid\u2011cap DeFi names saw capitulation\u2011style selloffs as derivatives markets priced in a persistent \u201csecurity risk premium.\u201d<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>Fresh aggregate figures show that crypto protocols have already lost over $606m to hacks in the first 18 days of April, making it the worst month for exploits since February 2025 and pushing 2026\u2019s year\u2011to\u2011date haul above $770m. According to <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/defillama.com\/hacks\" target=\"_blank\" rel=\"nofollow\">data<\/a> from DefiLlama at least 13 protocols have been compromised this month, with KelpDAO and Drift Protocol alone accounting for around 95% of April\u2019s losses and roughly 75% of 2026\u2019s total.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<p>KelpDAO, an Ethereum liquid\u2011staking protocol, suffered an attack on April 18 that drained about 116,500 rsETH, valued at roughly $292m, after an attacker forged cross\u2011chain messages to trick a LayerZero EndpointV2 bridge contract into releasing reserves. Drift, Solana\u2019s largest decentralized perpetuals exchange, was hit on April 1 in what regional media called a \u201csophisticated\u201d exploit, losing about $285m in what is now the second\u2011largest security breach in Solana\u2019s history after the $326m Wormhole hack in 2022.<\/p>\n<h1 class=\"wp-block-heading\" id=\"from-contract-bugs-to-aidriven-social-engineering\">From contract bugs to AI\u2011driven social engineering<\/h1>\n<p>The latest wave of hacks is not confined to smart\u2011contract bugs or restaking primitives. Incidents have hit routing and infrastructure layers such as Hyperbridge as well as front\u2011end and DevOps providers like Vercel, where attackers accessed internal systems and are allegedly shopping stolen data for $2m to fuel \u201cglobal supply chain attacks.\u201d<\/p>\n<p>On the human side, wallet provider Zerion disclosed that it was targeted by North Korean hackers who used AI\u2011powered, long\u2011horizon social\u2011engineering campaigns to compromise hot\u2011wallet keys, stealing about $100,000 while leaving user funds and core infrastructure intact. The Security Alliance (SEAL) has identified at least 164 malicious domains tied to the DPRK\u2011linked group UNC1069, describing its playbook as defined by \u201cpatience, precision, and the deliberate weaponization of existing trust relationships.\u201d<\/p>\n<p>Industry data from earlier episodes, such as the $70m hot\u2011wallet exploit at Singapore\u2011based exchange Phemex in 2025, had already highlighted North Korea\u2011linked actors\u2019 tendency to quickly convert stolen USDT and USDC into ETH to evade blacklists, a pattern authorities say continues in 2026.<\/p>\n<p>Market structure reacted in real time as April\u2019s hacks piled up. Between 11:00 and 13:00 UTC on key news days, order books in weaker mid\u2011cap DeFi names showed classic \u201ccapitulation\u201d signatures: single\u2011session drawdowns of roughly 5\u20138%, thin bids and a visible rotation into protocols with cleaner security track records. Derivatives venues saw basket funding for DeFi tilt mildly negative while spot liquidity drained, the kind of configuration desks associate with a broad \u201csecurity tax\u201d on risk assets rather than isolated idiosyncratic shocks.<\/p>\n<p>For traders, that has turned security into an explicit factor: fading leveraged DeFi beta on exploit headlines, staying long centralized venues and volatility\u2011monetizing infrastructure, and keeping dry powder for forced sellers once bad debt and write\u2011downs are fully recognized on\u2011chain.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>April has already seen over $600m stolen across DeFi, bridges and wallets, turning security from a protocol\u2011level concern into a full\u2011blown market risk premium. Summary Crypto protocols have already lost&hellip;<\/p>\n","protected":false},"author":1,"featured_media":16591,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-26361","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/26361","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=26361"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/26361\/revisions"}],"predecessor-version":[{"id":26362,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/26361\/revisions\/26362"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/16591"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=26361"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=26361"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=26361"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}