TLDR:
-
Crypto losses totaled $92.5 million in April, up 27% year-over-year.
-
Most damage came from UPCX ($70M) and KiloEx ($7.5M) exploits.
-
Ethereum was the most targeted blockchain, followed by BNB Chain.
-
Total 2025 losses now stand at $1.74B, skewed by Bybit’s $1.46B hack.
DeFi Hacks Fuel April’s Rising Losses
The crypto ecosystem lost $92.5 million in April across 15 DeFi incidents, according to a new Immunefi report. That’s a 27.3% increase compared to the same month last year and more than double the $41.4 million lost in March.
Year-to-date, total losses now exceed $1.74 billion. However, $1.46 billion of that total stems from the massive Bybit hack in February. Excluding that outlier, 2025 losses are about $280 million, down 33% from the same point last year.
Top Incidents: UPCX and KiloEx
The largest single exploit in April was UPCX, an open-source payment platform, which lost $70 million. KiloEx, a decentralized exchange, was the second-largest with $7.5 million in losses. Fortunately, both protocols later recovered a portion of their stolen funds.
Other notable attacks included Loopscale ($5.8M), ZKsync ($5M), and Term Labs ($1.5M), among others. No centralized finance (CeFi) incidents or cases of fraud were reported.
Ethereum Remains Prime Target
Ethereum and BNB Chain were once again the most targeted networks, together accounting for 60% of April’s losses. Ethereum saw five separate incidents, while BNB Chain had four. Base suffered three hacks, and Arbitrum, Solana, Sonic, and ZKsync each reported one.
Immunefi’s Broader Role
Immunefi, which operates the largest bug bounty platform in Web3, says it has paid out $116 million to white hat hackers and helped secure over $190 billion in assets. Its platform spans major protocols like Polygon, Chainlink, Synthetix, and LayerZero.
