Crypto Hacks Explode to $92.5M in April 2025, Surpassing 2024’s Annual Total

Crypto Hacks Explode to $92.5M in April 2025, Surpassing 2024’s Annual Total

DeFi Sector Under Fire as Exploiters Outpace Defenses Across Ethereum, BNB, and Base

May 4, 2025 — Blockchain Security | The cryptocurrency industry suffered a staggering $92.5 million in losses from 15 separate hacking incidents in April 2025, according to a new report from Immunefi, a leading blockchain security platform. The alarming figure represents a 27.3% increase from April 2024 and more than double the $41.4 million reported in March 2025, signaling a sharp escalation in decentralized finance (DeFi) vulnerabilities.

2025 Losses Already Surpass Last Year’s Full Total

With $1.74 billion in cumulative exploits reported so far in 2025, the industry has already surpassed 2024’s full-year loss of $1.49 billion, which had previously marked the worst year on record. The year-to-date total is over four times the $420 million recorded during the same period in 2024.

April’s eye-watering losses were dominated by two major breaches:

• UPCX, a blockchain payments platform, lost $70 million in the largest single exploit.

• KiloEx, a decentralized exchange, reported $7.5 million in damages.

Other impacted projects include:

• Loopscale – $5.8 million

• ZKsync – $5.0 million

• Term Labs – $1.5 million

• Bitcoin Mission – $1.3 million

• The Roar – $790,000

• Impermax – $152,200

• Zora – $140,800

• ACB – $84,100

All recorded incidents involved DeFi platforms, with no centralized exchanges or custodians affected, underscoring the persistent risks within decentralized ecosystems.

Ethereum and BNB Chain Bear the Brunt

The Ethereum and BNB Chain networks were the most frequent targets, collectively accounting for 60% of all April incidents:

• Ethereum: 5 hacks (33.3%)

• BNB Chain: 4 hacks (26.7%)

• Base: 3 hacks (20%)

• Arbitrum, Solana, Sonic, ZKsync: 1 each

This trend reflects the concentration of DeFi activity and the increasing complexity—and vulnerability—of smart contracts deployed on these networks.

Q1 2025: Record-Breaking Exploits Set the Tone

The April surge follows a devastating Q1 for the crypto sector. Notable earlier incidents include:

• Bybit: $1.46 billion loss via hot wallet infrastructure vulnerabilities — the largest exploit of 2025 to date.

• Infini: $50 million drained due to smart contract flaws, temporarily locking out users.

• zkLend: $9.5 million lost in a flash loan exploit that emptied liquidity pools.

• Ionic: $8.5 million vanished after private key compromise led to unauthorized transfers.

Notably, 100% of April’s exploits were classified as hacks, with no major fraud cases reported, highlighting how direct technical breaches—not scams—remain the primary threat vector.