Articles
DeFi

Crypto hackers stole $17B over past 10 years: DefiLlama

User Image

অ্যাননিমাস দ্বারা

তৈরি করা হয়েছে April 22, 2026|2 মিনিট পড়ুন
Main Image

Private key compromises led crypto hack losses over the past decade as recent DeFi exploits show attackers moving beyond smart contract bugs.

Private key compromises are emerging as one of crypto’s costliest attack vectors, with hackers stealing more than $17 billion across 518 recorded incidents over the past decade, according to data platform DefiLlama.

In data shared Tuesday, DefiLlama’s dashboard shows a large share of those incidents stemmed from compromised private keys, alongside phishing and other credential-based attacks.

Around 22.3% of the incidents were attributed to private key compromises through “brute force,” 18.2% to private key compromises via “unknown methods,” and 10% occurred due to phishing attacks on multi-signature wallets.

The figures add to evidence that some of the industry’s biggest losses are increasingly coming from weaknesses in wallet security, signing infrastructure and user behavior, rather than from flaws in protocol code alone.

The findings come days after the crypto industry suffered its largest hack so far in 2026 on Saturday, when an attacker drained about 116,500 restaked Ether (rsETH), worth roughly $290 million to $293 million at the time, from Kelp DAO’s LayerZero-powered rsETH bridge.

The recent wave of losses has also hit decentralized finance hard. More than $600 million was stolen from DeFi protocols over the past 60 days, according to a Monday report from crypto trading company GSR, with the Kelp exploit and the April 1 exploit involving Solana-based decentralized exchange Drift Protocol accounting for most of the total.

The attacks are raising new questions about whether improving smart contract audits alone is enough to protect users. In its report, GSR said attackers appear to be shifting toward “operational security, signing infrastructure, developer tooling, and the humans behind them” as smart contract security continues to improve.

That shift is pressuring a sector already facing narrower returns. “DeFi yields have compressed toward TradFi rates, raising the question of whether depositing onchain is still worth the risk,” GSR wrote.

Cybersecurity companies say advances in malware and artificial intelligence are making social engineering and wallet-targeting attacks easier to scale, which involve scammers tricking victims into sending crypto to illicit addresses by first sending them small transactions, hoping that investors copy and paste the attacker’s address from the transaction history.

Related: ZachXBT asks MemeCore to explain valuation and token supply

The rise of hacking-as-a-service tools is also lowering the barrier to entry for would-be attackers, according to Dyma Budorin, co-founder and CEO of cybersecurity firm Hacken.

“If people are getting these links, their wallets can be completely drained,” Budorin told Cointelegraph in an interview at EthCC 2026. “The platform on the darknet will take the commission for their tools and [scammers] get the bigger portion of the drained wallets.”

Budorin added that hackers are usually seeking out the easiest targets that require the least effort to scam.

Web3 projects lost $482 million in the first quarter of 2026, as phishing and social engineering scams drove $306 million of those losses as the largest attack vector, according to a report by Hacken.

Even so, some parts of the threat picture have improved. Scam Sniffer said in a January report that losses tied to crypto phishing attacks fell sharply in 2025, suggesting users were becoming more aware of the threat, even as wallet-drainer scripts and new malware strains continued to circulate.

Magazine: 53 DeFi projects infiltrated, 50M NEO tokens could be ‘given back’: Asia Express

Source: CoinTelegraph


সাম্প্রতিকতরে প্রকাশিত অন্যান্য নিবন্ধগুলি

Lending protocol Bonzo loses 77% of value locked as $9 million oracle exploit rattles Hedera
Lending protocol Bonzo loses 77% of value locked as $9 million oracle exploit rattles Hedera

Crypto Market Analysis

Bonzo Lend lost approximately $9.05 million after an attacker exploited a verification flaw in a thi...

AI found an Ethereum bug that could take validators offline, but humans had to prove it
AI found an Ethereum bug that could take validators offline, but humans had to prove it

Ethereum

The Ethereum Foundation pointed coordinated AI agents at the software its validators run and got a r...

Bitcoin treasury company Empery Digital sold about half of its BTC stack
Bitcoin treasury company Empery Digital sold about half of its BTC stack

Bitcoin

It's a sign of the times as the troubled company swaps its bitcoin treasury ambitions for AI data ce...

The UK has finally shown it’s serious about crypto
The UK has finally shown it’s serious about crypto

Crypto Market Analysis

Several recent regulatory steps indicate the UK might finally stop dragging its feet when it comes t...

Crypto IPO market stalls as capital rotates to AI and macro uncertainty weighs
Crypto IPO market stalls as capital rotates to AI and macro uncertainty weighs

Crypto Market Analysis

Funding constraints and investor caution, not regulation, are delaying crypto IPOs, according to Coh...

Bonzo Lend loses $9M in oracle exploit on Hedera
Bonzo Lend loses $9M in oracle exploit on Hedera

Crypto Market Analysis

An attacker inflated the value of SAUCE collateral and borrowed $9 million from Bonzo Lend through a...