In April, cybersecurity breaches in the cryptocurrency space surged, with hackers stealing $92 million from DeFi platforms, a 124% increase from March. The largest incident involved UPCX losing over $70 million. Experts urge enhanced security measures, particularly citing threats from state-sponsored actors. Overall, 2025 has already seen over $1.7 billion in thefts, surpassing last year’s total losses.
In April, hackers targeted decentralized finance (DeFi) platforms, stealing a staggering $92 million worth of digital assets in 15 separate incidents. This is according to a report from Immunefi, a firm that focuses on blockchain cybersecurity. This amount represents a dramatic 124% increase compared to March, during which losses were estimated at $41 million.
The most significant theft occurred from the open-source platform UPCX, accounting for over $70 million in losses alone. Another sizeable blow came from KiloEx, where hackers pilfered $7.5 million. Interestingly, the exploiter of KiloEx returned the stolen funds just days after the crime had taken place. Throughout the month, DeFi platforms were the sole targets, with no reported breaches within centralized exchanges.
Immunefi claims to protect around $190 billion in user funds and has handed out more than $116 million in bounties to ethical hackers. This incident follows the infamous hack of Bybit in February, which resulted in more than $1.4 billion being stolen, marking it as the largest hack in crypto history.
Mitchell Amador, CEO and founder of Immunefi, emphasised the menace posed by state-sponsored hackers, calling them the most significant threat to the industry. He stresses the urgency for enhanced security methods to shield protocols effectively from catastrophic attacks. Investors, he notes, need to remain aware that even seemingly trustworthy platforms may have hidden risks.
To counteract this growing threat, Amador advises adopting a thorough “zero-trust” policy, suggesting that protocols should implement robust security measures to protect their entire technological architecture. Regular audits, bug bounty programs, and formal verifications are essential to securing smart contracts and related infrastructures.
As the year progresses, hackers have already pilfered over $1.7 billion in cryptocurrencies by April’s end. This figure has already eclipsed the total estimated losses for all of 2024, which stood at approximately $1.49 billion, as per Immunefi’s analysis.
Interestingly, insights from cybercrimes researcher Eric Jardine of Chainalysis suggest that the notorious North Korean hackers, known as the Lazarus Group, might be planning something big, having taken a break during the latter part of 2024. This could be a strategic move geared towards executing an extensive hack similar to the Bybit incident.
