Crypto hackers hit DeFi for $92M in April as attacks double from March

Cryptocurrency hackers stole more than $90 million in April, dealing another blow to the industry’s mainstream reputation despite ongoing efforts to improve cybersecurity.

Hackers made off with $92 million of digital assets across 15 incidents in April, according to an April 30 research report by blockchain cybersecurity firm Immunefi.

The total marks a 124% month-over-month increase from March, when hackers stole $41 million.

The month’s largest hack on open-source platform UPCX accounted for most of the damage in April, with over $70 million in losses, while KiloEx lost $7.5 million as April’s second-largest hack.

The KiloEx exploiter returned the stolen funds just days after the attack occurred.

All of April’s reported attacks targeted decentralized finance (DeFi) platforms. Centralized exchanges reported no incidents during the month, the report noted.

Immunefi, which says it helps protect $190 billion in user funds, has paid more than $116 million in bounties to white hat hackers.

Related: Bitcoin volatility lowest in 563 days, Hayes predicts $1M BTC by 2028

The report comes nearly two months after Bybit exchange lost over $1.4 billion on Feb. 21 — the largest hack in crypto history.

“The sheer scale of the attack shows how state-backed actors are arguably the most pressing threat to our industry,” according to Mitchell Amador, Founder and CEO of Immunefi.

“This is a reminder of the need for security measures that protect the entire security stack and help protocols prevent catastrophic attacks before they happen,” Amador told Cointelegraph, adding:

“Protocols must be built for resilience under the assumption that attackers will find a way in, and investors must assume that even the safest-looking interfaces or emails might be traps.”

He called for protocols to adopt a “zero-trust” approach and implement more robust protections across the entire technology stack.

Related: Bunq, Europe’s second-largest neobank, expands into crypto

Bug bounties, regular audits and formal verifications will be essential to ensure to security of smart contracts and backed infrastructure, he said.

As of the end of April, hackers have already stolen more than $1.7 billion worth of digital assets in 2025, already surpassing the estimated $1.49 billion in losses for all of 2024, according to Immunefi.

The state-backed  North Korean Lazarus Group’s pause in the second half of 2024 may have been a repositioning in preparation for staging the world’s largest hack on Bybit, Eric Jardine, Chainalysis’ cybercrimes research Lead, told Cointelegraph.

Magazine: Financial nihilism in crypto is over — It’s time to dream big again