DeFi Exploits Surge: $92M Stolen in April as Crypto Hacks Double

April 2025 witnessed a sharp increase in cryptocurrency hacks, with decentralized finance (DeFi) platforms bearing the brunt of the attacks. According to a report by blockchain security firm Immunefi, over $92 million was stolen across 15 incidents, representing a staggering 124% month-over-month increase from the $41 million stolen in March.

This surge in attacks underscores the ongoing challenges in securing the DeFi ecosystem and highlights the persistent threat posed by malicious actors. Despite ongoing efforts to enhance cybersecurity measures, the substantial losses continue to impact the industry’s reputation and erode user trust.

Crypto stolen in April 2025. Source: Immunefi

Key Highlights from April’s Crypto Hacks:

  • Total Stolen: $92 million
  • Number of Incidents: 15
  • Month-over-Month Increase: 124% (from March’s $41 million)
  • Target: Exclusively DeFi platforms

Largest Hacks in April:

  1. UPCX: The open-source platform UPCX suffered the largest blow, with over $70 million siphoned away by unauthorized transfers.
  2. KiloEx: The decentralized exchange KiloEx experienced a $7.5 million exploit. Fortunately, the exploiter returned the stolen funds shortly after the attack.

Top 10 losses in April. Source: Immunefi

No Centralized Exchange Incidents

Notably, the Immunefi report indicated that no centralized exchanges were targeted during April. This could suggest enhanced security measures or a shift in attackers’ focus towards the often more vulnerable DeFi platforms.

The Growing Threat of State-Backed Actors

The Immunefi report follows a massive $1.4 billion hack on the Bybit exchange in February. This incident has raised concerns about the involvement of state-backed actors in cryptocurrency attacks. Mitchell Amador, Founder and CEO of Immunefi, stated that state-backed actors are “arguably the most pressing threat to our industry.”

Amador emphasized the need for protocols to adopt a “zero-trust” approach and implement robust security measures across the entire technology stack. He urged protocols to build resilience with the assumption that attackers will find a way in. He also warned investors to approach even the safest-looking interfaces with caution.

Immunefi’s Role in Cybersecurity

Immunefi, a prominent player in blockchain security, claims to protect $190 billion in user funds. The company has paid out over $116 million in bug bounties to white hat hackers, incentivizing them to identify and report vulnerabilities before they can be exploited.

Industry Response and Future Security Measures

The increasing sophistication and frequency of crypto hacks are prompting a renewed focus on security across the industry. Key strategies include:

  • Bug Bounties: Offering financial rewards to ethical hackers for discovering vulnerabilities.
  • Regular Audits: Engaging independent security firms to assess and identify weaknesses in smart contracts and infrastructure.
  • Formal Verification: Using mathematical techniques to prove the correctness of smart contract code.
  • Zero Trust Architecture: Implementing security controls that assume no user or device is trustworthy, regardless of location.

2025: A Year of Significant Losses

As of the end of April 2025, hackers had already stolen over $1.7 billion worth of digital assets, surpassing the estimated $1.49 billion in losses for the entire year of 2024. This alarming trend highlights the urgent need for continued investment in and improvement of cybersecurity measures.

Lazarus Group’s Alleged Role

Eric Jardine, Chainalysis’ Cybercrimes Research Lead, suggested that the North Korean Lazarus Group’s reduced activity in the second half of 2024 may have been a strategic repositioning in preparation for the $1.4 billion Bybit hack.

Conclusion

The surge in DeFi hacks during April 2025 serves as a stark reminder of the vulnerabilities within the cryptocurrency ecosystem. As the industry continues to evolve, robust security measures, proactive threat detection, and collaborative efforts are essential to protect user funds and maintain the integrity of the DeFi space.