Crypto’s automated attack risk deepens

Crypto exploit losses have crossed $770 million in the first four months of 2026, intensifying concern that decentralised finance is entering a harsher phase of cyber risk as attackers combine old weaknesses with faster automation, sharper social engineering and increasingly advanced reconnaissance tools.

The scale of the damage has been driven by two major breaches. Drift Protocol, a Solana-based decentralised exchange, lost about $285 million after an April 1 attack that forced it to suspend services. KelpDAO, an Ethereum restaking protocol, suffered losses estimated at about $292 million later in April after an exploit linked to its cross-chain infrastructure. Together, the two incidents accounted for roughly three-quarters of tracked crypto exploit losses this year.

April became one of the costliest months for crypto security since the industry’s 2022 crisis period. Losses across decentralised finance and crypto infrastructure exceeded $600 million during the month, far outpacing the first-quarter total and showing how a small number of high-value attacks can reshape risk perceptions across the market. The pattern has raised fresh questions over whether DeFi’s fast-growing layers of bridges, restaking tokens, lending markets and governance controls have become too interconnected for their current security models.

The Drift breach exposed weaknesses around administrative control and transaction approval processes rather than a simple coding error. Attackers were able to gain control over key governance functions through a sophisticated exploit path, prompting the protocol to halt deposits and withdrawals while security firms and exchanges worked to contain stolen funds. The incident underlined a shift in attack strategy from merely probing smart contracts to compromising the human and operational systems that control them.

KelpDAO’s breach widened those concerns because it involved liquid restaking assets and cross-chain movement. The attacker exploited a bridge-related weakness to unlock tokens that should have remained secured, creating pressure across connected lending and liquidity markets. The incident showed how failures in one protocol can spread quickly when collateral, wrapped assets and lending positions are tied into several platforms at once.

North Korea-linked hacking groups remain central to the threat landscape. The Drift and KelpDAO incidents have been associated by blockchain investigators with tactics previously used by state-backed operators, including social engineering, impersonation and rapid laundering through multiple networks. Such groups have increasingly focused on fewer but larger targets, preferring high-value infrastructure points where a single compromise can yield hundreds of millions of dollars.

Concern over artificial intelligence is growing, although direct proof of fully autonomous AI-led DeFi exploits remains limited. The sharper risk lies in AI-assisted preparation: attackers can use generative tools to write convincing phishing messages, imitate executives, analyse open-source code, map protocol dependencies and speed up vulnerability discovery. That does not mean AI is independently carrying out the attacks, but it does lower the cost and time needed to prepare them.

Security teams are responding with their own AI systems, using automated monitoring to track suspicious wallet behaviour, detect unusual contract calls and flag laundering patterns before stolen assets disappear through mixers, bridges or over-the-counter brokers. Yet defensive tools remain unevenly deployed, especially among smaller protocols that rely on limited audits, small multisig groups and emergency governance mechanisms that may not withstand a coordinated attack.

The DeFi sector’s structure adds to the problem. Protocols often advertise decentralisation while relying on concentrated security councils, privileged keys, bridge validators or upgrade permissions. These arrangements can help teams respond quickly during emergencies, but they also create high-value targets. Once attackers identify the people or systems controlling those permissions, the line between a technical exploit and an organisational compromise becomes blurred.

Restaking has added another layer of complexity. Liquid restaking tokens allow capital to move more efficiently across DeFi, but they also create chains of dependency between staking platforms, bridges, lending protocols and automated market makers. A weakness in one part of that chain can affect valuations, collateral ratios and liquidity elsewhere. That raises the risk of bad debt, forced liquidations and confidence shocks even when the original exploit is contained.

Market participants are now placing greater emphasis on operational security, not just smart contract audits. Stronger transaction policies, hardware-isolated signing, independent bridge verification, real-time anomaly detection and stricter controls over governance permissions are becoming minimum expectations for large protocols. Insurance coverage, emergency liquidity funds and coordinated recovery mechanisms are also gaining importance as investors demand clearer safeguards.

Arabian Post – Crypto News Network


