Over the past 90 days, DeFi protocol losses from hacks and exploits exceeded $168 million.
Analytics platform DefiLlama reports 34 security incidents during this period. Attackers stole at least $168.6 million in total.
The largest hack targeted Step Finance in January. Hackers gained access to private keys and withdrew $40 million in assets.
Second place goes to a Truebit smart contract manipulation that resulted in $26.4 million stolen in Ethereum.
Related: Crypto Industry Hacks Totaled $52 Million in Losses in March
Third place involves the Resolv Labs stablecoin issuer incident in March. The “shadow contagion” effect became particularly notable here. The USR stablecoin collapse created bad debt across Morpho Blue, Euler, and Fluid protocols.
While these figures may seem significant, the situation has actually improved. Compared to Q1 2025, losses have decreased noticeably. Last year, the Bybit hack alone caused $1.4 billion in losses.
When Hackers Are Most Active
According to Kraken Chief Security Officer Nick Percoco, attacker activity in crypto correlates less with calendar periods and more with market cycles and events.
Attacks typically intensify during periods of rapid liquidity growth, new product launches, and capital inflows. That is when more value and new vulnerabilities appear in the system.
Related: Bitcoin Price Posts Worst Q1 Since 2018
Experts emphasize that security must remain a constant priority regardless of market phase.
Threat Landscape
Attackers range from highly organized groups to less sophisticated actors. North Korea-linked hackers continue to show particular activity.
According to specialists, the threat landscape represents a mix of different attacker types. These range from targeted operations against key infrastructure to opportunistic attacks exploiting weak points in smart contracts and credential security.
Experts predict continued growth in social engineering attacks, credential theft, and AI-powered tools throughout 2026.
