- Immunefi reports that crypto projects lost $92M in April
- This marks a 2.2x increase compared to March
- 100% of the incidents affected DeFi, with no losses in CeFi
- All incidents were hacks, not fraud
- The largest attacks targeted UPCX, KiloEx, and Loopscale
- Ethereum, BNB Chain, and Base were the most affected
Immunefi reports that crypto projects lost $92M in April — a 2.2x increase compared to March. All incidents impacted the DeFi sector, with CeFi unaffected. Ethereum, BNB Chain, and Base were the most targeted networks, accounting for 60% of the losses. The largest attacks hit UPCX ($70M), KiloEx ($7.5M), and Loopscale ($5.8M).
Are Hack-Related Losses Still Growing?
The industry has only recently experienced the Bybit CEX breach, which became the largest in terms of losses in crypto exchange history (although the situation was quickly resolved and, strictly speaking, it wasn’t exactly a direct exploit of Bybit itself).
Still, Immunefi provides a clear snapshot of the current state of DeFi security. According to their latest report, losses in April totaled $92 million — a 2.2x increase compared to $41 million in March. This figure comes from 15 incidents, the largest of which include:
UPCX ($70 million), KiloEx ($7.5 million, with $5.5 million later returned), Loopscale ($5.8 million), and ZKsync ($5 million, partially recovered), among others.
The most targeted networks were:
- Ethereum, leading with 5 incidents (33.3%)
- BNB Chain, second with 4 incidents (26.7%)
- Base, with 3 incidents (20%)
- Arbitrum, Solana, Sonic, and ZKsync each had one recorded incident
Cumulatively, crypto losses in DeFi in 2025 have now reached $1.74 billion — already surpassing the entire 2024 total of $1.49 billion. Notably, every incident in April was a hack, not fraud — a stark contrast with last year, where the proportions were significantly different.
Conclusion
This raises an ongoing question: how is it that blockchain — a system intentionally designed to be costly to exploit directly — continues to suffer so many direct attacks? I’ve explored this before: the blockchain may be secure, but everything around it remains vulnerable. Still, the trend seems clear.
Perhaps amid growing geopolitical and economic uncertainty, blockchain is drawing not only institutional interest — but more attention from attackers as well. Or maybe the evolution of open-source LLMs is helping bad actors too, and the recent release of LLaMA 4 might already be pushing these numbers up. Be aware and always assess the situation comprehensively, diversify risks, and adapt your strategy to daily changes.
