DeFi protocols suffered losses exceeding $840 million in the first five months of 2026, with April alone accounting for over $600 million stolen, driven by the $292 million KelpDAO exploit and the $285 million Drift Protocol breach. The attacks continued into May, with THORChain halting trading after a cross-chain exploit affecting over $10 million. According to TRM Labs, North Korea-linked actors accounted for 76% of global crypto hack losses through April 2026, up from 64% in 2025 and under 10% in 2020. Experts attribute the surge to structural weaknesses in bridges and administrative systems, as well as advances in AI that lower the bar for exploit discovery. Older and unverified contracts are increasingly targeted by automated reconnaissance. The LayerZero-based KelpDAO attack began with social engineering of a developer in March, leading to session key theft. Recurring patterns include privileged access control failures, malicious proxy upgrades, and cross-chain message verification gaps. The industry response, exemplified by 'DeFi United' raising $303 million to backstop bad debt from the KelpDAO exploit, highlights the scale of capital required to mitigate single bridge failures. Confidence in DeFi remains shaken, with experts calling for full-stack security solutions addressing both code and human vulnerabilities.

Key facts

• DeFi losses exceed $840 million in Jan-May 2026, with April alone over $600 million.
• North Korea-linked actors account for 76% of global crypto hack losses through April 2026.
• AI lowers the bar for exploit discovery, targeting older and unverified contracts.
• KelpDAO $292M exploit rooted in social engineering of a developer in March.
• The industry response 'DeFi United' raised 132,650 ETH (~$303M) to cover bad debt.

KeyAudit data perspective