April Sees Record-Breaking 29 Crypto Hacks, Exposing Critical Security Flaws

April 2024: A Record-Breaking Month for Crypto Hacks

April was a devastating month for the cryptocurrency industry, with 29 crypto projects falling victim to hacks or exploits—the highest monthly total in history, according to DefiLlama data.

Among the most damaging incidents were the breaches of Drift, a Solana-based exchange, and Kelp DAO, an Ethereum-based restaking app. Together, these attacks resulted in a combined loss of $579 million.

The surge in hacks has shaken confidence in decentralized finance (DeFi), prompting industry leaders to question whether the risks of decentralized technology outweigh its benefits. While DeFi was once seen as maturing beyond its early vulnerabilities, recent events have reignited concerns about security flaws.

Centralization and Human Error: Key Weaknesses

Michael Egorov, founder of Curve Finance and Yield Basis, highlighted centralization as a major vulnerability in DeFi protocols.

"We need to reduce the number of single points of failure as much as possible. The goal of DeFi design should be to minimise human-centric points of failure, not add to them."

The attacks on Drift and Kelp DAO both stemmed from centralized weak points:

• Drift: North Korean hackers compromised two employees through a sophisticated social engineering campaign. This gave them admin access, allowing them to steal $285 million from users.
• Kelp DAO: The protocol relied on a LayerZero crypto bridge configured with a single operator. Hackers exploited this flaw to steal $273 million.

Code Bugs and AI: The New Threat Landscape

While centralization played a role in major breaches, code bugs were the leading cause of hacks in April. Of the 29 incidents, 24 (83%) were attributed to vulnerabilities in smart contracts or protocol code.

Crypto security experts warn that advances in artificial intelligence are making it easier for hackers to exploit these flaws. Bad actors now use large language models (LLMs)—such as those powering ChatGPT and Claude—to scan thousands of lines of code per second, a task that was previously manual and time-consuming.

Despite code bugs being the root cause of most hacks, they accounted for only $42 million (6.6%) of April’s total losses of $635 million.

Not the Worst Month by Losses, But a Wake-Up Call

While April’s 29 hacks set a record, it wasn’t the worst month in terms of total funds lost. In December 2020, hackers stole an estimated $3.5 billion—a figure largely attributed to the breach of wallets belonging to LuBian, a Bitcoin mining company.

However, the LuBian hack went unnoticed for nearly five years, and neither the company nor the suspected hacker has ever publicly acknowledged the breach. Arkham Intelligence, the blockchain data platform that uncovered the incident, suggested the attack was likely due to LuBian’s security practices.

Industry Experts Warn of Persistent Risks

Michael Pearl, vice president of strategy at Cyvers, a crypto security firm, emphasized the shifting tactics of hackers:

"Right now, DeFi seems to be the primary target. In general, everything has shifted now to hacking humans rather than hacking systems."

As the crypto industry grapples with these challenges, experts stress the need for stronger security measures, including reduced centralization, rigorous code audits, and advanced AI-driven threat detection to stay ahead of increasingly sophisticated attackers.