- $92.5M lost in April DeFi hacks, up 2.2x from March.
- 2025 losses hit $1.74B, largely due to $1.46B Bybit exploit.
- Ethereum, BNB Chain most targeted; Immunefi leads defense.
The decentralized finance (DeFi) sector has sustained another harsh blow, suffering $92.5 million in losses across 15 separate hacking incidents in April marking a 27.3% year-over-year increase, according to a newly released report from Web3 security platform Immunefi.
In addition, the figure is a remarkable 2.2x increase above March’s $41.4 million in losses, signalling a bleak state of affairs of the now widespread blockchain platform threat landscape.
At the moment, the crypto ecosystem has lost $1.74 billion so far this year, a near four times increase compared to the $420 million it made at the end of April 2022. Furthermore, this year’s amount exceeds the entire $1.49 billion lost during 2024.
April Hit by Series of DeFi Attacks
The numbers, however, are heavily skewed by simply one major event: the February hack of crypto exchange Bybit which accounted for $1.46 billion. Other than this incident, this brings year to date losses down to closer to $280 million, a 33% drop vs. year to date 2024.
Most of these sharp losses were caused by two large exploits, UPCX, an open source, blockchain based payments platform with estimated losses at $70 million and KiloEx, a decentralized exchange which was hit for $7.5 million. These two are responsible for more than 83 percent of the total monthly damages.
Zora ($140,800), Impermax ($152,200), Term Labs ($1.5 million), Bitcoin Mission ($1.3 million), The Roar ($790,000), Loopscale ($5.8 million), ZKsync ($5 million), and ACB ($84,100) are also notable other incidents. April was important for the fact that none occurred attacks of centralized Finance (CeFi) breaches or practice of fraud.
The KiloEx and ZKsync attack losses also amounted to the mounting losses, but thanks to Immunefi, we can confirm that the stolen funds were recovered only a rare bright spot.
Ethereum, BNB Chain Dominate April Hack Targets
The onchain losses in April again targeted Ethereum and BNB Chain, with the two combined responsible for 60% of April’s losses. Five single incidents were reported by Ethereum, just enough more than the four which were reported by BNB Chain. Three times the Base Layer 2 network was hit and Arbitrum, Solana, Sonic and ZKsync a single breach.
Operating what it calls the largest blockchain security community currently boasting over 45,000 researchers, and having so far paid out more than $116 million in bounties to ethical hackers and researchers, Immunefi is a member of the federation.
As revenues have reportedly shielded over $25 billion in user funds, these efforts have been taken. A landmark $10 million bounty paid out to a monumental vulnerability in Wormhole’s cross chain messaging protocol, the platform has processed over 3,000 bug bounty reports.
Reported, Immunefi still facilitates the security of protocols like Polygon, Optimism, Chainlink, The Graph, Synthetix, LayerZero, Sky (total user assets) that sum up $190 billion.
