Crypto Hackers Steal $169M from 34 DeFi Protocols in Q1 2026

In the first quarter of 2026, hackers stole over $168.6 million from 34 decentralized finance (DeFi) protocols, according to data from DefiLlama. This marks a significant decline compared to the $1.58 billion stolen in the first quarter of 2025, which was largely attributed to the $1.4 billion Bybit exploit. The largest single attack in Q1 2026 was the $40 million private key compromise of Step Finance in January, followed by a $26.4 million smart contract manipulation at Truebit on January 8. The third-largest incident involved a private key compromise at stablecoin issuer Resolv Labs on March 21. Despite the overall decline in stolen funds, experts caution that crypto hacks are not confined to specific timeframes. Nick Percoco, chief security officer at Kraken, noted that cybercriminal activity tends to rise around market and event-driven cycles rather than fixed periods. He explained that attackers often target areas with concentrated liquidity, meaning spikes in hacking activity typically follow where value is accumulating most rapidly. "Bull markets, major product launches, and fast-moving growth phases all create more attractive conditions for attackers because more value is at stake and new infrastructure can introduce risk," Percoco said. North Korea-linked actors remain a persistent threat in the crypto space. These groups have been suspected of multiple attacks, including the recent $285 million breach of Drift Protocol, a decentralized cryptocurrency exchange. Percoco emphasized that the threat landscape includes a mix of highly coordinated groups, organized cybercriminal networks, and opportunistic hackers. "They are ultimately targeting the same thing: global, liquid, and accessible value. Targeting is rarely purely random. In many cases, attackers are deliberate in how they assess infrastructure, code, access controls, and even human behavior," he added. Security experts have previously warned that 2026 could see an increase in sophisticated credential theft, social engineering, and AI-powered attacks. The drop in stolen funds compared to the previous year does not necessarily indicate improved security, as attackers may be shifting tactics or focusing on different targets. Investors and DeFi platforms must remain vigilant, as the evolving threat landscape continues to pose risks to the industry.