Crypto industry losses reach $92 million in April due to DeFi exploits: Immunefi

The crypto industry has incurred an additional $92.5 million in losses this month across 15 DeFi hacking incidents — a 27.3% increase compared to the same period last year — according to the latest report from web3 bug bounty and security services platform Immunefi.

April's losses also represent a 2.2x increase month-over-month compared to March — which came in at $41.4 million, Immunefi said.

The ecosystem has now lost $1.74 billion year-to-date, representing a fourfold increase from the $420 million it witnessed by the end of April 2024 and surpassing last year's total of $1.49 billion in losses. However, that figure is skewed by crypto exchange Bybit, which was exploited for $1.46 billion in February. Year-to-date losses outside of that stand at around $280 million — 33% lower than this time in 2024.

Most of April's losses stem from two specific incidents: open-source, blockchain-based payments platform UPCX, which lost $70 million, and decentralized exchange KiloEx , which lost $7.5 million.

Attacks on Loopscale ($5.8 million), ZKsync ($5 million), Term Labs ($1.5 million), Bitcoin Mission ($1.3 million), The Roar ($790,000), Impermax ($152,200), Zora ($140,800), and ACB ($84,100) make up the remainder of the DeFi losses. No cases of fraud or CeFi incidents were reported this month.

Funds stolen from the KiloEx and ZKsync exploits were both later recovered, Immunefi noted.

Ethereum is the most targeted network

Ethereum and BNB Chain were again the most targeted networks, accounting for 60% of April's losses onchain. Ethereum edged BNB Chain, suffering five versus four individual attacks, respectively. The Base Layer 2 network saw three incidents. Arbitrum, Solana, Sonic and ZKsync suffered a single attack each.

Immunefi says it has distributed more than $116 million in bounties to ethical hackers and researchers to date, while saving over $25 billion in user funds. The payouts span around three years and result from over 3,000 bug bounty reports, the largest of which was a $10 million award for a  vulnerability discovered in Wormhole’s cross-chain protocol.

Immunefi claims to operate the largest blockchain security community, with more than 45,000 researchers, helping to protect over $190 billion in user funds across protocols like Polygon, Optimism, Chainlink, The Graph, Synthetix, LayerZero, and Sky, from being stolen.