Crypto attackers siphoned roughly $168.6 million from 34 DeFi protocols in Q1 2026, according to DefiLlama data. The quarter’s largest incident was a $40 million private-key compromise at Step Finance in January. A January 8 smart-contract manipulation drained about $26.4 million in ether from Truebit, and a March 21 private-key breach at stablecoin issuer Resolv Labs ranked as the third-largest loss.
While significant, the Q1 2026 total is far below the $1.58 billion stolen in Q1 2025, a period dominated by the $1.4 billion Bybit exploit. Analysts emphasize, however, that hacks do not follow strict calendar cycles. Nick Percoco, chief security officer at Kraken, told Cointelegraph that crypto-related cybercrime tends to spike around market events and periods when liquidity concentrates — for example, during bull runs, major product launches or rapid growth phases — because those conditions increase the value at stake and can expose new vulnerabilities.
Percoco noted that attacks can occur in any market environment and that continuous security practices are essential, especially in complex or rapidly evolving systems. He described the current threat landscape as a mix of state-affiliated actors targeting core infrastructure, organized cybercriminal groups, and opportunistic hackers probing smart contracts and client systems for weaknesses.
North Korea-linked actors continue to pose a persistent threat to crypto platforms and investors and have been suspected in a number of high-profile incidents. Recent private-key leaks have caused major losses across the industry; for example, Drift Protocol suffered an estimated $285 million loss tied to a private-key compromise.
Security experts have warned that 2026 could bring increases in sophisticated credential theft, social engineering campaigns, and AI-assisted attacks, raising the stakes for DeFi projects and custodial services alike. The common factors that make a target attractive are clear: large concentrations of value, technical complexity, and gaps in operational security.
Cointelegraph reports independently and encourages readers to verify details against primary sources. This article was prepared in line with the outlet’s editorial standards and aims to provide accurate, timely information about ongoing risks in the crypto ecosystem.