April was the worst month on record for crypto projects getting hacked, with 29 incidents tracked by crypto data provider DefiLlama. In terms of dollar value, $651 million in losses were recorded, which is the largest monthly total since March 2022 (excluding the February 2025 Bybit hack), according to crypto security firm Certik. In response to these most recent incidents, many crypto market observers are questioning whether blockchain infrastructure can be relied upon by traditional financial institutions. Additionally, the centrally-planned responses to many of these hacks have also exposed the decentralization theater that is prevalent throughout the industry.
Drift and Kelp DAO were the two most notable crypto hacks in April, combining for $579 million in losses. The situation with Drift also points to a persistent problem in the crypto industry of thefts originating from North Korea. According to the Drift team, the hack of their protocol involved a six-month social engineering operation that eventually led to North Korean agents gaining access to critical infrastructure that allowed a sophisticated manipulation of the protocol in order to extract hundreds of millions of dollars worth of crypto. Blockchain analytics firm TRM Labs also recently put out a report pointing out that 76% of all crypto value extracted from hacks this year is connected to North Korea (solely from the Drift and Kelp DAO incidents), with the regime taking in more than $6 billion from their crypto hacking operations over the years.
Combining all the incidents in April we’ve confirmed ~$651M lost to exploits with
~$3.5M of the total attributed to phishing.April has had the highest losses recorded since March 2022 (~$715M), excluding Feb 2025 (Bybit).
More details below 👇 pic.twitter.com/x9uAbLbtMz
— CertiK Alert (@CertiKAlert) April 30, 2026
The large number of security incidents taking place in the decentralized finance (DeFi) space has put into question whether major Wall Street firms will want to take advantage of this technology for their own operations. While the likes of BlackRock’s Larry Fink and JPMorgan Chase’s Jamie Dimon have touted the potential of tokenization over the past few years, these DeFi hacks have forced some firms to question whether this technology will be ready for use by institutions anytime soon. The hacking of DeFi protocol Balancer for $120 million last year in particular last year was one of the first to send a chill throughout the DeFi industry, as it involved smart contracts that had been previously audited and presumed safe for a number of years. A recent report from JPMorgan analysts indicated, “Persistent security vulnerabilities and a stagnant [total value locked] continue to limit DeFi’s institutional appeal.”
Instead of issuing assets on decentralized crypto networks like Ethereum, traditional financial institutions may opt for more controlled blockchain networks where security incidents can be better managed and the permissionless, “code of law” nature of open networks is avoided. This allows banks to reverse transactions when something goes wrong, which U.S. Bank previously described as an appealing feature. That said, stablecoin issuer Circle recently received criticism from some segments of the crypto industry for not getting involved in incidents where their USDC tokens have been lost or stolen. The company has said it wants to limit the use of their backdoor control to situations where a court order has been issued.
Of course, the aspects of the crypto industry that are supposedly decentralized have also seen criticism recently, as the centralized backdoors implemented in them have continually been used to respond to hacks and other issues. Whether it’s stablecoin issuer Tether seizing Iranian assets on behalf of the U.S. government or blockchain networks freezing funds to address security incidents, crypto has largely been exposed as more similar to the traditional financial system than its proponents would like to admit over the past couple of years.
Isn't that what they did with Base?
— Kyle Torpey (@kyletorpey) December 9, 2024
With the crypto industry seemingly bifurcating into two separate sectors between Bitcoin and stablecoins, it’s becoming increasingly clear that much of the crypto industry is turning into traditional fintech that simply uses blockchain infrastructure for regulatory arbitrage purposes. In other words, fintechs want to use blockchain networks not because they empower users to have more control over their assets, but because they allow them to avoid Know Your Customer and anti-money laundering regulations to enable features such as around-the-clock trading of tokenized assets and a global userbase.
While the high degree of centralization involved in various crypto protocols has allowed projects to assist users in the large number of security incidents that have taken place recently, it has also made the general public question whether crypto, at least in the form it has been implemented today, is all that different from the preexisting financial system built around traditional banks.
