Articles
DeFi

Crypto hackers stole $17B over past 10 years: DefiLlama

User Image

Por Anônimo

Criado April 22, 2026|2 mins de leitura
Main Image

Private key compromises led crypto hack losses over the past decade as recent DeFi exploits show attackers moving beyond smart contract bugs.

Private key compromises are emerging as one of crypto’s costliest attack vectors, with hackers stealing more than $17 billion across 518 recorded incidents over the past decade, according to data platform DefiLlama.

In data shared Tuesday, DefiLlama’s dashboard shows a large share of those incidents stemmed from compromised private keys, alongside phishing and other credential-based attacks.

Around 22.3% of the incidents were attributed to private key compromises through “brute force,” 18.2% to private key compromises via “unknown methods,” and 10% occurred due to phishing attacks on multi-signature wallets.

The figures add to evidence that some of the industry’s biggest losses are increasingly coming from weaknesses in wallet security, signing infrastructure and user behavior, rather than from flaws in protocol code alone.

The findings come days after the crypto industry suffered its largest hack so far in 2026 on Saturday, when an attacker drained about 116,500 restaked Ether (rsETH), worth roughly $290 million to $293 million at the time, from Kelp DAO’s LayerZero-powered rsETH bridge.

The recent wave of losses has also hit decentralized finance hard. More than $600 million was stolen from DeFi protocols over the past 60 days, according to a Monday report from crypto trading company GSR, with the Kelp exploit and the April 1 exploit involving Solana-based decentralized exchange Drift Protocol accounting for most of the total.

The attacks are raising new questions about whether improving smart contract audits alone is enough to protect users. In its report, GSR said attackers appear to be shifting toward “operational security, signing infrastructure, developer tooling, and the humans behind them” as smart contract security continues to improve.

That shift is pressuring a sector already facing narrower returns. “DeFi yields have compressed toward TradFi rates, raising the question of whether depositing onchain is still worth the risk,” GSR wrote.

Cybersecurity companies say advances in malware and artificial intelligence are making social engineering and wallet-targeting attacks easier to scale, which involve scammers tricking victims into sending crypto to illicit addresses by first sending them small transactions, hoping that investors copy and paste the attacker’s address from the transaction history.

Related: ZachXBT asks MemeCore to explain valuation and token supply

The rise of hacking-as-a-service tools is also lowering the barrier to entry for would-be attackers, according to Dyma Budorin, co-founder and CEO of cybersecurity firm Hacken.

“If people are getting these links, their wallets can be completely drained,” Budorin told Cointelegraph in an interview at EthCC 2026. “The platform on the darknet will take the commission for their tools and [scammers] get the bigger portion of the drained wallets.”

Budorin added that hackers are usually seeking out the easiest targets that require the least effort to scam.

Web3 projects lost $482 million in the first quarter of 2026, as phishing and social engineering scams drove $306 million of those losses as the largest attack vector, according to a report by Hacken.

Even so, some parts of the threat picture have improved. Scam Sniffer said in a January report that losses tied to crypto phishing attacks fell sharply in 2025, suggesting users were becoming more aware of the threat, even as wallet-drainer scripts and new malware strains continued to circulate.

Magazine: 53 DeFi projects infiltrated, 50M NEO tokens could be ‘given back’: Asia Express

Source: CoinTelegraph


Outros artigos publicados recentemente

Ripple once weighed shutting down and handing XRP to shareholders, CEO says
Ripple once weighed shutting down and handing XRP to shareholders, CEO says

Crypto Market Analysis

Ripple's Brad Garlinghouse says he and co-founder Chris Larsen considered winding the company down a...

Bitcoin, ether little changed as U.S. launches fresh Iran strikes
Bitcoin, ether little changed as U.S. launches fresh Iran strikes

Bitcoin

The U.S. hit Iran for the third time this week and Tehran has reportedly closed the Strait of Hormuz...

Bitcoin is nearing a power law support line Fidelity has tracked since 2015
Bitcoin is nearing a power law support line Fidelity has tracked since 2015

Bitcoin

The group's Dir. of Global Macro Jurien Timmer calls it an accumulation zone but notes the lack of a...

Cambridge study puts Ethereum near the lower end of PoS energy intensity
Cambridge study puts Ethereum near the lower end of PoS energy intensity

Ethereum

Cambridge estimated that Ethereum consumes 7.87 GWh annually and has the second-lowest market-value-...

Bitcoin’s BIP 110 fork deadline nears with miner support at zero
Bitcoin’s BIP 110 fork deadline nears with miner support at zero

Bitcoin

The BIP 110 proposal would cap arbitrary data on Bitcoin for a year, but Saylor, Adam Back and other...

Empery Digital shares rise after selling Bitcoin to fund AI data center project
Empery Digital shares rise after selling Bitcoin to fund AI data center project

Bitcoin

The sales come months after a major Empery shareholder demanded the firm ditch its Bitcoin treasury ...