Crypto Hacks Top $17 Billion as Attacks Shift to Infrastructure Targets

Crypto hackers have stolen more than $17 billion across 518 incidents over the past decade, according to data from DefiLlama, underscoring the persistent vulnerability of digital asset infrastructure even as the industry matures.
Summary:
- Crypto losses exceed $17 billion over 10 years.
- 2025 marked the worst year with over $4 billion stolen.
- Recent attacks show a shift toward infrastructure exploits.
The figures translate to an average of roughly $33 million per exploit and highlight a steady cadence of attacks, with nearly one major breach occurring each week.

Private key compromises remain the largest single category, accounting for more than $3.6 billion in losses, often through brute-force attacks or social engineering tactics.
According to DefiLlama, losses accelerated sharply in 2025, when total thefts surpassed $4.04 billion, making it the most damaging year on record. That trend has continued into 2026, with a series of high-profile exploits pointing to a changing threat landscape.
Infrastructure Attacks Replace Smart Contract Bugs
The April 18 exploit of Kelp DAO’s rsETH bridge, which resulted in losses of roughly $290 million, illustrates a growing shift away from traditional smart contract vulnerabilities toward infrastructure-level attacks.
Rather than exploiting on-chain code, attackers compromised off-chain components – specifically remote procedure call nodes used in the LayerZero verification system. By poisoning internal nodes and simultaneously launching denial-of-service attacks on external ones, the perpetrators forced the system to rely on manipulated data.
This allowed them to fabricate a cross-chain transaction and release more than 116,000 rsETH on Ethereum without triggering any conventional security alarms. The incident has been described by analysts as a “zero-code exploit,” reflecting the increasing sophistication of attack vectors targeting the broader ecosystem rather than individual contracts.
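The failure mode described above, where unreachable external nodes leave a verifier relying on manipulated internal ones, can be contrasted with a fail-closed quorum check. This is an added illustration, not code from LayerZero, Kelp DAO or the article; the endpoint labels, thresholds and hashes are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class RpcReply:
    source: str                # hypothetical endpoint label
    trust_domain: str          # who operates it: "internal" or "external"
    block_hash: Optional[str]  # None = timed out or unreachable


class QuorumError(Exception):
    """Raised instead of returning data that lacks independent agreement."""


def naive_block_hash(replies: List[RpcReply]) -> str:
    # Weak pattern: fall back to whichever source still answers.
    return next(r.block_hash for r in replies if r.block_hash is not None)


def verified_block_hash(replies: List[RpcReply], min_agree: int = 3,
                        min_domains: int = 2) -> str:
    # Fail closed: unreachable sources count against the quorum,
    # and the threshold is never lowered to match what is still reachable.
    live = [r for r in replies if r.block_hash is not None]
    counts = Counter(r.block_hash for r in live)
    if len(counts) != 1:
        raise QuorumError(f"no single answer from live sources: {dict(counts)}")
    domains = {r.trust_domain for r in live}
    if len(live) < min_agree or len(domains) < min_domains:
        raise QuorumError(f"{len(live)} source(s) in {sorted(domains)} is below quorum")
    return live[0].block_hash


# Constructed sample data: placeholder hashes, not values from the incident.
HEALTHY = [RpcReply("int-1", "internal", "0xaaa"), RpcReply("int-2", "internal", "0xaaa"),
           RpcReply("ext-1", "external", "0xaaa"), RpcReply("ext-2", "external", "0xaaa")]
# Internal nodes return manipulated data while external nodes are unreachable.
DEGRADED = [RpcReply("int-1", "internal", "0xbad"), RpcReply("int-2", "internal", "0xbad"),
            RpcReply("ext-1", "external", None), RpcReply("ext-2", "external", None)]


def check(replies: List[RpcReply]) -> str:
    try:
        return "accepted " + verified_block_hash(replies)
    except QuorumError as exc:
        return f"halted: {exc}"
```

With the degraded input, the naive fallback returns the manipulated hash, while the quorum check halts and surfaces the outage as an alertable event.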
State Actors and Systemic Risk
Security firms including Chainalysis and Galaxy have linked the attack to North Korea’s Lazarus Group. The same group was also implicated in a $285 million exploit of Drift Protocol earlier in April. This brings its total haul for the month to more than $570 million.
The impact quickly spread across the DeFi ecosystem. The attacker used the stolen rsETH as collateral to borrow ETH from lending platforms. Protocols such as Aave and SparkLend responded by freezing related markets.
Users reacted by withdrawing funds at scale. Aave’s total value locked dropped by more than $8 billion within 48 hours. The wider DeFi sector saw outflows of around $13 billion over the same period.
Concerns over bad debt added further pressure. Estimates range between $123 million and $230 million.
Protocols and security teams moved quickly to respond. Some of the stolen funds were frozen. Infrastructure providers also introduced new safeguards to remove single points of failure.
The pattern is becoming clear. Hackers are moving beyond code-level exploits. They are now targeting infrastructure, human processes, and operational layers.
This shift significantly expands the attack surface. It also raises new questions about whether existing security frameworks can keep pace with increasingly sophisticated threats.