According to DefiLlama, DeFi and on-chain infrastructure hacks caused $624.58 million in losses in April 2026, marking the sixth-largest monthly loss on record. The 23 incidents recorded that month also represent the highest number of attacks in a single month since tracking began in 2016.
Notable April hacks included attacks on restaking platform KelpDAO and decentralized exchange Drift Protocol. Attack vectors included cross-chain bridge exploits, oracle manipulation, fake collateral schemes, and hot wallet theft, indicating structural risks across wallet and infrastructure layers rather than isolated vulnerabilities.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Scallop Protocol Exploit Drains 150,000 SUI Tokens on April 28
According to the Sui Foundation and Scallop developers, the Scallop lending protocol on the Sui network experienced a targeted security exploit on April 28, 2026, resulting in the unauthorized drainage of approximately 150,000 SUI tokens from a rewards liquidity pool, valued at around $140,000.
GateNews1h ago
SWEAT Protocol Exploit Contained, User Balances Restored
The SWEAT protocol successfully contained a multi-million dollar exploit on Wednesday at approximately 13:36 UTC, with the team confirming that all external account balances have been fully restored and operations have returned to normal, according to a post-hack debrief shared by the SWEAT team on
CryptoFrontier1h ago
SlowMist warning: The Linux Copy Fail vulnerability is extremely easy to exploit; it’s recommended to upgrade the kernel as soon as possible.
SlowMist’s Chief Information Security Officer 23pds posted on X on April 30, stating that a logic vulnerability named “Copy Fail” (CVE-2026-31431) was found in Linux systems, which is extremely easy to exploit; SlowMist advises users to quickly upgrade the kernel.
MarketWhisper4h ago
Aftermath Finance suffers an attack loss of 1.14 million, Mysten Labs supports full compensation for users
According to GoPlus’ technical analysis of the attack incident released on April 30 and an official statement from Aftermath Finance, the Sui-chain perpetual contract platform Aftermath Finance was attacked on April 29, suffering losses of more than $1.14 million. With support from Mysten Labs and the Sui Foundation, the project announced that all users will receive full compensation.
MarketWhisper5h ago
Aftermath Finance Loses Over $1.14M in Attack on April 29, Promises Full User Compensation
According to PANews, Aftermath Finance, a perpetual futures platform on the Sui blockchain, lost over $1.14 million in an attack on April 29. GoPlus analysis revealed that attackers exploited a symbol mismatch vulnerability in the calculate_taker_fees function by stealing ADMIN privileges through th
GateNews6h ago
SWEAT agreement was stolen 13.71 billion tokens; after pausing the contracts, users’ funds were fully restored
According to the post-incident briefing released after the SWEAT protocol attack, the user funds that were stolen in the vulnerability incident that occurred on Wednesday have been fully restored, and the protocol operations have returned to normal. Crypto security company Blockaid estimates that the attacker stole approximately 13.71 billion SWEAT tokens; the SWEAT team quickly paused the token contract, and coordinated with exchanges and the liquidity provider Rhea Finance, ultimately restoring all users’ account balances.
MarketWhisper6h ago
