TL;DR
- Rising credential attacks: DefiLlama data shows more than $17 billion stolen as crypto hackers increasingly target private keys and user behavior rather than protocol code.
- DeFi under strain: Over $600 million was drained from DeFi protocols in 60 days, with GSR warning that compressed yields may no longer justify exposure to crypto hackers and operational security failures.
- Evolving threat landscape: Malware, AIādriven scams, and hackingāasāaāservice tools are making it easier for crypto hackers to scale attacks, even as some phishing losses declined in 2025, according to Scam Sniffer.
Private key compromises have become one of the most damaging threats facing the industry, with crypto hackers stealing more than $17 billion across 518 incidents over the past decade, according to new figures from DefiLlama. The data highlights how credential-based attacks continue to outpace traditional protocol exploits, underscoring a shift toward weaknesses in wallet security, signing tools, and user behavior. As crypto hackers refine their methods, the scale of losses is prompting renewed scrutiny across the sector.
Over the past 10 years, more than $17B has been lost from 518 crypto hacks. pic.twitter.com/8NXiLMxpg9
— DefiLlama.com (@DefiLlama) April 20, 2026
Rising Losses Highlight Shifting Attack Patterns
DefiLlamaās dashboard shows that compromised private keys, phishing attempts, and other credential-focused breaches make up a large share of historical incidents. The trend has intensified in recent months, especially after the largest hack of 2026, when an attacker drained roughly 116,500 rsETH from Kelp DAOās LayerZero-powered bridge. The event reinforced concerns that crypto hackers are increasingly targeting operational layers rather than protocol code, exploiting human error and infrastructure gaps.
DeFi Protocols Face Mounting Pressure
The decentralized finance ecosystem has absorbed more than $600 million in losses over the past 60 days, according to a Monday report from GSR. The Kelp DAO exploit and the April 1 attack on Solana-based Drift Protocol accounted for most of the total. GSR noted that crypto hackers appear to be shifting toward operational security and developer tooling as smart contract audits improve. With DeFi yields compressing toward traditional finance levels, the firm questioned whether onchain deposits still justify the risk posed by crypto hackers.
Social Engineering and Malware Expand the Threat
Cybersecurity firms warn that advances in malware and artificial intelligence are making wallet-targeting schemes easier to scale. Scammers often send small transactions to victims, hoping they copy and paste malicious addresses from their history. Dyma Budorin of Hacken said hackingāasāaāservice platforms are lowering the barrier to entry, enabling crypto hackers to drain wallets with minimal effort. He added that crypto hackers typically pursue the easiest targets, relying on tools that automate much of the process.
Mixed Signals in User Awareness Trends
Web3 projects lost $482 million in Q1 2026, with phishing and social engineering driving $306 million of that total, according to Hacken. Even so, Scam Sniffer reported that losses tied to crypto phishing fell sharply in 2025, suggesting users are becoming more cautious. Still, crypto hackers continue adapting, and new malware strains keep emerging, ensuring the threat remains persistent.
