Crypto Hackers Drain $1.08 Billion in 68 Attacks as Social Engineering Surges

Hackers took $1.08 billion from crypto platforms in 68 separate incidents through April 2026. April alone saw 30 of those thefts.

The pace hit more than one hack per day this month. Last week brought 13 separate losses worth over $11 million combined. Protos put together a full list of the attacks on their site, tracking each incident as it happened.

Security Firms Under Fire

Security companies can’t keep up with the wave. Alchemix, Trading Strategy, and Yearn Finance all went after Peckshield recently, saying the firm’s security alerts made it look like their products had problems when really the issue was external contracts they didn’t control. The criticism got pretty heated.

Even the security experts aren’t safe. A business development manager at CertiK had his Telegram account hijacked. Hackers used it to spread malware through fake meeting links. CertiK does crypto audits for a living, which makes the breach kind of embarrassing.

The visibility of these hacks has jumped partly because of AI. Hackers use AI tools to find weak spots faster. Security researchers use the same tools to spot suspicious transactions on blockchains. It cuts both ways.

Pigi Finance ran the numbers and found that 3.37% of DeFi assets get lost to protocol exploits every year. That’s just protocol-level stuff—doesn’t count bridge hacks or phishing. The percentage seems small until you remember how much money sits in DeFi protocols.

Smaller Contracts Get Hit Hard

Older contracts and smaller projects are getting hammered. They don’t have the same security budgets as the big players. AI-powered tools make it easier for hackers to scan thousands of contracts looking for the vulnerable ones. Once they find a target, the attack happens fast.

Protocol security has actually gotten better. Smart contract exploits are down compared to a few years ago. But hackers adapted. They shifted to social engineering—long-term operations targeting people instead of code.

The two biggest April hacks prove the point. Drift Protocol and Kelp DAO lost $570 million combined. Neither hack came from a smart contract bug. Both involved sophisticated social engineering tactics, probably months in the planning.

More context: Robinhood Users Hit by Phishing Scam That Fooled Gmails Security Filters

ImmuneFi tracks security breaches across crypto and sees the same pattern. Fewer attacks overall, but the ones that succeed are bigger and more complex. Hackers spend weeks or months building trust with employees at target companies. They use spear-phishing, fake job offers, compromised personal accounts—whatever works to get inside access.

The shift makes sense from the hacker’s perspective. Why spend time looking for a smart contract vulnerability that might not exist when you can trick someone into giving you their credentials? High-value targets justify the extra effort.

Security firms are caught between projects and reality. Projects want reassurance that their code is safe. Security firms want to warn users about risks. When Peckshield flagged issues with external contracts, the projects saw it as unfair criticism. They didn’t write those contracts. But users don’t always understand the distinction between a project’s core code and the third-party services it relies on.

The tension probably won’t ease up. As long as hacks keep happening, projects will stay defensive about their security reputations. Security firms will keep flagging risks, even when it makes clients uncomfortable.

AI’s role keeps growing on both sides. Hackers use machine learning to analyze blockchain data and find patterns that reveal vulnerabilities. Security researchers use similar tools to monitor transactions and catch suspicious activity before it causes major damage. The arms race accelerated this year.

More context: Aftermath Exploit Drains DeFi Funds as April Hacking Spree Worsens

Smaller protocols face a tough choice. Upgrading security costs money. Audits from reputable firms run six figures. Ongoing monitoring adds more expense. But skipping those costs means staying vulnerable to attacks that could wipe out the entire project. Some teams are betting they’re too small to attract attention. That bet doesn’t always work out.

The 13 hacks last week alone show the scale of the problem. Most of those losses were under a million dollars each. They didn’t make headlines. But they add up. And each one represents a project that might not recover and users who lost funds.

April’s numbers are probably not an anomaly. The tools and tactics hackers developed this year won’t disappear. Social engineering campaigns that are already underway won’t suddenly stop. May could look similar.