Data platform DefiLlama revealed this Tuesday that crypto hacks have siphoned 17 billion dollars through 518 recorded incidents during the last ten years. The report emphasizes that the majority of these economic losses do not stem from programming code failures, but from critical vulnerabilities in private key custody and social engineering attacks targeting signing infrastructure.
The security landscape in the first quarter of 2026 shows a concerning evolution in attacker tactics. In the last 60 days alone, decentralized finance protocols suffered losses exceeding 600 million dollars. The most severe event occurred last Saturday, when an exploit on the Kelp DAO bridge allowed the drain of 116,500 restaked Ether units, valued at approximately 293 million dollars according to the DefiLlama dashboard. This attack highlights how risk vectors have shifted from smart contracts toward cross-chain interoperability mechanisms.
Adding to these figures is the persistent activity of state-sponsored groups. The impact of North Korean hackers exceeded 2 billion dollars in 2025, consolidating a trend where technical sophistication meets geopolitical objectives. During the first three months of 2026, Web3 projects have already lost 482 million dollars, of which 306 million correspond exclusively to phishing and identity theft scams.
Operational security breaches now outweigh code-based vulnerabilities
This paradigm shift poses a structural dilemma for investors. According to a GSR report, yields in the DeFi sector have compressed to levels similar to those of traditional finance. This convergence of rates reduces the incentive to assume the technological risk inherent to the blockchain, especially when smart contract audits no longer guarantee the total security of funds against human or infrastructure errors.
If protocols offer returns of 4% or 5% annually but face a constant risk of total loss due to a compromised private key, the profitability equation breaks. Attackers are prioritizing the developer environment and digital signing tools. Dyma Budorin, CEO of the security firm Hacken, noted at the EthCC 2026 conference that the rise of AI-based hacking tools is allowing less experienced criminals to execute large-scale wallet-draining attacks by automating malware processes.
The distribution of theft causes over the last decade shows that 22.3% of incidents were due to brute-force key compromises. Another 18.2% is attributed to unidentified credential access methods, while 10% of total losses occurred through phishing attacks targeting multi-signature wallets. These data points confirm that the weakest link in the ecosystem remains the human factor and permission management at the user layer.
The market will closely watch the resolution of the Kelp DAO case and the potential recovery of assets in the coming weeks. Compliance with new security standards in signing infrastructure and the protocols’ response to margin compression will determine whether institutional capital maintains its confidence in self-custody platforms for the remainder of the year.
This article is for informational purposes and does not constitute financial advice.
