Criminals stole over $90 million in digital assets from crypto hacks in just the month of April 2025. This startling case was uncovered in a recent study published by Immunefi. That spike represents a 124% increase since March 2025, when $41 million was stolen. That recent spike underscores the increasing risk faced by decentralized finance (DeFi) platforms.
The new report shows that hackers were able to complete all 15 distinct hijack attacks running in April 2025. Interestingly, some centralized exchanges claimed not a single hack occurred in that time.
The cumulative value of all digital assets stolen by hackers in just 2025 alone has already outpaced $1.7 billion. That’s more than the estimated $1.49 billion in losses for all of 2024 combined. Beyond the number of victims, it underscores a disturbing trend in our widening threat landscape.
Of the attacks reported in April of 2025, all were against decentralized finance (DeFi) platforms. The month ended with its biggest hack on the open-source platform UPCX. Unlike most attacks, this one had terrible consequences, with more than $70 million being stolen.
The North Korean Lazarus Group orchestrated the world’s largest hack on Bybit, according to Eric Jardine, Chainalysis' cybercrimes research Lead.
Immunefi has paid out more than $116 million in bounties to white hat hackers. This remarkable number underscores the importance of teamwork with researchers to identify and address vulnerabilities. Immunefi plays a key role in protecting $190 billion worth of user funds.
Mitchell Amador, Founder and CEO of Immunefi lamented that we need to see strong protections for the entire technology stack. He suggests protocols adopt a "zero-trust" approach.
Despite these issues, bug bounties will remain an integral part of the ecosystem’s efforts to improve smart contract security. Yet protective infrastructure regular audits and full verifications are equally critical.
In a hopeful sign, the KiloEx exploiter returned the stolen funds within days of the attack.
