Crypto hackers stole $17B over past 10 years: DefiLlama

Private key compromises led crypto hack losses over the past decade as recent DeFi exploits show attackers moving beyond smart contract bugs.

Private key compromises are emerging as one of crypto’s costliest attack vectors, with hackers stealing more than $17 billion across 518 recorded incidents over the past decade, according to data platform DefiLlama.

In data shared Tuesday, DefiLlama’s dashboard shows a large share of those incidents stemmed from compromised private keys, alongside phishing and other credential-based attacks.

Around 22.3% of the incidents were attributed to private key compromises through “brute force,” 18.2% to private key compromises via “unknown methods,” and 10% occurred due to phishing attacks on multi-signature wallets.

The figures add to evidence that some of the industry’s biggest losses are increasingly coming from weaknesses in wallet security, signing infrastructure and user behavior, rather than from flaws in protocol code alone.

The findings come days after the crypto industry suffered its largest hack so far in 2026 on Saturday, when an attacker drained about 116,500 restaked Ether (rsETH), worth roughly $290 million to $293 million at the time, from Kelp DAO’s LayerZero-powered rsETH bridge.

The recent wave of losses has also hit decentralized finance hard. More than $600 million was stolen from DeFi protocols over the past 60 days, according to a Monday report from crypto trading company GSR, with the Kelp exploit and the April 1 exploit involving Solana-based decentralized exchange Drift Protocol accounting for most of the total.

The attacks are raising new questions about whether improving smart contract audits alone is enough to protect users. In its report, GSR said attackers appear to be shifting toward “operational security, signing infrastructure, developer tooling, and the humans behind them” as smart contract security continues to improve.

That shift is pressuring a sector already facing narrower returns. “DeFi yields have compressed toward TradFi rates, raising the question of whether depositing onchain is still worth the risk,” GSR wrote.

Cybersecurity companies say advances in malware and artificial intelligence are making social engineering and wallet-targeting attacks easier to scale, which involve scammers tricking victims into sending crypto to illicit addresses by first sending them small transactions, hoping that investors copy and paste the attacker’s address from the transaction history.

Related: ZachXBT asks MemeCore to explain valuation and token supply

The rise of hacking-as-a-service tools is also lowering the barrier to entry for would-be attackers, according to Dyma Budorin, co-founder and CEO of cybersecurity firm Hacken.

“If people are getting these links, their wallets can be completely drained,” Budorin told Cointelegraph in an interview at EthCC 2026. “The platform on the darknet will take the commission for their tools and [scammers] get the bigger portion of the drained wallets.”

Budorin added that hackers are usually seeking out the easiest targets that require the least effort to scam.

Web3 projects lost $482 million in the first quarter of 2026, as phishing and social engineering scams drove $306 million of those losses as the largest attack vector, according to a report by Hacken.

Even so, some parts of the threat picture have improved. Scam Sniffer said in a January report that losses tied to crypto phishing attacks fell sharply in 2025, suggesting users were becoming more aware of the threat, even as wallet-drainer scripts and new malware strains continued to circulate.

Magazine: 53 DeFi projects infiltrated, 50M NEO tokens could be ‘given back’: Asia Express

Source: CoinTelegraph