DeFi‘s Security Woes Continue as Hackers Steal $92 Million in April
The cryptocurrency landscape experienced another unsettling chapter in April, with hackers targeting DeFi platforms and making off with over $92 million in digital assets. This figure represents a staggering 124% increase from the $41 million stolen in March, according to a research report by blockchain cybersecurity firm Immunefi. The report, released on April 30, highlighted the ongoing vulnerability of DeFi protocols and the increasing sophistication of hacking techniques.
The month’s most significant attack targeted the open-source platform UPCX, resulting in losses exceeding $70 million. This incident alone accounted for the majority of the total stolen funds in April. In a close second, KiloEx suffered a hack worth $7.5 million. However, in a rare turn of events, the KiloEx exploiter returned the stolen funds shortly after the attack. Notably, all reported attacks in April specifically targeted DeFi platforms, while centralized exchanges remained unscathed.
State-Backed Threats: A Growing Concern
The report comes on the heels of the record-breaking $1.4 billion hack on the Bybit exchange in February, which further fueled concerns about the involvement of state-backed hacking groups. Mitchell Amador, Founder and CEO of Immunefi, emphasized the urgent need for robust security measures to combat these threats.
“The sheer scale of the attack shows how state-backed actors are arguably the most pressing threat to our industry,” said Amador. “This is a reminder of the need for security measures that protect the entire security stack and help protocols prevent catastrophic attacks before they happen.”
Amador advocated for a “zero-trust” approach, which assumes potential vulnerabilities across the entire technology stack. This approach would involve implementing rigorous security checks and safeguards, including bug bounties, regular audits, and formal verifications. These measures aim to bolster the security of smart contracts and underlying infrastructure, ensuring their resilience against sophisticated hacking attempts.
The Cost of Insecurity
The escalating number of crypto hacks is alarming. As of the end of April, hackers have stolen over $1.7 billion in digital assets in 2025, surpassing the estimated $1.49 billion lost in all of 2024. The North Korean Lazarus Group, known for its involvement in high-profile cyberattacks, has been implicated in these attacks. While their activity was relatively quiet in the latter half of 2024, their recent actions suggest a strategic repositioning, potentially leading to the Bybit hack, according to Chainalysis’ cybercrimes research lead, Eric Jardine.
The DeFi sector’s rapid growth and decentralized nature have created an attractive target for hackers. While the industry continues to grapple with security challenges, the need for stronger safeguards is undeniable. Implementing robust security measures and a “zero-trust” approach are crucial steps towards building a more secure and resilient future for DeFi. As the crypto space continues to evolve, the fight against cybercrime remains a crucial battleground for its long-term stability and widespread adoption.
