Crypto Heists Drain $92M in April—Year-to-Date Losses Now Stagger at $1.74B

Another brutal month for crypto security as attackers siphon $92M from vulnerable protocols. The running 2025 tally now nears $2B—enough to make even Wall Street’s finest blush at the sheer inefficiency of theft prevention.

Key targets: Cross-chain bridges and DeFi protocols continue hemorrhaging value, with Lazarus Group-linked attacks accounting for 60% of April’s losses. Meanwhile, exchanges tighten KYC controls while somehow leaving backdoors wide open.

The irony? This hemorrhage occurs as institutional players tout ’unprecedented security measures.’ Maybe unprecedented like a screen door on a submarine.

Meanwhile, Immunefi noted that two incidents were responsible for the majority of the $92.4 million. Open-source platformlost $70 million, while decentralized exchangesuffered a $7.5 million loss.

andfollowed with losses between $5 million and $6 million.andalso saw more than $1 million stolen each.

In 2025 YTD, the crypto ecosystem saw $1,742,117,315 in total losses. This is a 4x increase compared to $420 million during the same period last year.

Moreover, it has already surpassed the total losses for the entire 2024, which recorded a loss of $1.49 billion.

Meanwhile, Immunefi’s March report noted that “Q1 2025 marks the worst quarter for hacks in the history of the crypto ecosystem,” with $1.64 billion lost. Most of that was the result of only two hacks of centralized exchanges.suffered a $69.1 million loss in January, whilelost $1.46 billion in February.

100% DeFi Hacks

Hacks were the main cause of losses in April, compared to fraud, accounting for 100% of it.

At the same time, decentralized finance (DeFi) surpassed centralized finance (CeFi) yet again. The former accounted for 100% of the stolen funds.

Moreover,andwere once more the most targeted chains. The two accounted for over half of the losses, or 60% to be more precise.

Ethereum suffered the most attacks. Its five incidents represented 33.3% of all attacks. BNB Chain saw four attacks, or 26.7%.

Furthermore,recorded three incidents (20%), while,,, andsuffered a single attack each.

Meanwhile, Immunefi says it offers over $180 million in available bounty rewards and has paid out over $116 million in total bounties so far.

In late March, it launched, its novel AI-powered security orchestration platform. The team said that the new platform united threat intelligence and automated security operations across a protocol’s security stack, maximizing protection.

They also said they planned to announce additional partnerships with “a number of top-tier security service and tooling providers.”