Crypto Heists Surge: $92M Stolen from DeFi in April Alone, More Than Doubles March Tally
Decentralized Finance Under Siege as 2025 Losses Exceed $1.7 Billion
April proved devastating for the crypto industry as hackers stole $92 million in digital assets, according to new data from blockchain security firm Immunefi. This marks a 124% increase from March’s $41 million, signaling an alarming escalation in the scale and frequency of decentralized finance (DeFi) attacks.
The April Breakdown: UPCX, KiloEx Among Top Victims
Out of the 15 recorded incidents in April, the most damaging was the breach of open-source platform UPCX, which lost over $70 million. KiloEx, another decentralized protocol, suffered a $7.5 million loss, though the stolen funds were returned days later by the exploiter.
Notably, all attacks in April targeted DeFi platforms, while centralized exchanges reported no successful hacks during the same period. The trend continues a broader pattern of vulnerabilities within decentralized ecosystems—despite growing investment in cybersecurity.
“Protocols must be built assuming attackers will get in,” said Mitchell Amador, CEO of Immunefi. “Even the safest-looking interfaces can be traps.”
State-Sponsored Threats Cast a Long Shadow
Immunefi’s report follows February’s $1.4 billion Bybit breach, the largest in crypto history, believed to be the work of state-backed actors. Experts suggest this may mark a strategic shift by groups like North Korea’s Lazarus, which paused operations in late 2024—possibly in preparation for even larger operations.
“The industry is facing threats that go beyond lone actors,” said Eric Jardine, Chainalysis’ cybercrime research lead. “We’re now dealing with organized, state-level cyber warfare targeting DeFi.”
As of April’s close, hackers have stolen over $1.7 billion in 2025, already surpassing the $1.49 billion lost in all of 2024, raising serious questions about industry preparedness.
Can DeFi Protocols Keep Up?
Immunefi, which claims to safeguard over $190 billion in user funds, has paid $116 million in bounties to white-hat hackers to date. The firm advocates a “zero-trust” cybersecurity approach, emphasizing that smart contract audits, formal verification, and bug bounty programs must become standard for protocols seeking long-term resilience.
“Security can’t be an afterthought,” Amador said. “It must be foundational—deeply integrated into every layer of DeFi infrastructure.”