Crypto hackers steal $169M from 34 DeFi protocols in Q1: DefiLlama

January saw the largest attack against a DeFi protocol of the quarter, the $40 million private key compromise of portfolio management platform Step Finance.

Crypto hackers stole over $168.6 million in cryptocurrency from 34 decentralized finance (DeFi) protocols in the first quarter of 2026, falling significantly from the same period last year, according to data from DefiLlama. 

The $40 million private key compromise of Step Finance in January was the largest exploit of the quarter, the data shows, followed by a smart contract manipulation that drained $26.4 million in ether (ETH) from Truebit on Jan. 8. The third-largest was a private key compromise targeting stablecoin issuer Resolv Labs on March 21.

The quarterly figure is low given that the industry saw $1.58 billion stolen in the first quarter of 2025, with the bulk coming from the $1.4 billion Bybit exploit. However, experts warn that crypto hacks aren’t tied to specific periods within a year.

Nick Percoco, the chief security officer at crypto exchange Kraken, told Cointelegraph that cybercriminal activity in crypto tends to rise around market and event-driven cycles rather than fixed periods.

Threat actors are also drawn to areas where liquidity is concentrated, meaning attack spikes often follow wherever value is accumulating fastest, according to Percoco.

“Bull markets, major product launches and fast-moving growth phases all create more attractive conditions for attackers because more value is at stake and new infrastructure can introduce risk,” he said.  

North Korea-linked actors have been a persistent threat to crypto investors and Web3-native companies alike. 

Hackers affiliated with the organization have been suspected of numerous attacks, including the Wednesday attack on Drift Protocol, a decentralized cryptocurrency exchange that lost an estimated $285 million to a private key leak.

Related: Hacked crypto tokens drop 61% on average and rarely recover, Immunefi report says

Percoco said the threat landscape is a mix of actors with different levels of sophistication, highly coordinated groups targeting core infrastructure, organized cybercriminal networks and opportunistic hackers scanning for weaknesses in smart contracts and client-facing systems.

“It is a broad and evolving mix, but they are ultimately targeting the same thing: global, liquid and accessible value. Targeting is rarely purely random. In many cases, attackers are deliberate in how they assess infrastructure, code, access controls and even human behavior,” he said.

Security experts previously told Cointelegraph that 2026 would likely see an increase in sophisticated credential theft, social engineering, and AI-powered attacks. 

Magazine: All 21 million Bitcoin is at risk from quantum computers

Source: CoinTelegraph