At least 12 DeFi protocols and crypto firms have been hit in just over two weeks since the April 1 exploit that drained about $280 million from Drift Protocol. Targets since early April include CoW Swap, Hyperbridge, Bybit, Dango, Silo Finance, the BSC TMM pool, Aethir, MONA, Zerion, Rhea Finance and the Grinex exchange.
Drift Protocol suffered one of the largest exploits this year on April 1, losing roughly $280 million in what investigators have described as a long-running social‑engineering campaign possibly tied to North Korean‑affiliated actors. The breaches have heightened concerns that increasingly capable AI models — including Anthropic’s Claude Mythos and similar systems — could lower the bar for future cyberattacks by aiding social‑engineering and automation.
Rhea Finance disclosed a coordinated attack on its margin‑trading feature that targeted the Rhea Lend smart contract, with blockchain security firm CertiK reporting approximately $7.6 million stolen. According to analysis, the attacker deployed fake token contracts and seeded liquidity into newly created pools, likely deceiving or manipulating an oracle and validation layers to execute the drain.
Russia‑linked exchange Grinex suspended operations after a $13.7 million hack, attributing the intrusion to “unfriendly states.” Other recent incidents include a reserve‑manipulation attack on a Binance Smart Chain TMM/USDT liquidity pool that cost about $1.67 million, and a smart‑contract bug that saw bridge aggregator Dango lose $410,000 on April 13.
Earlier in April, Silo Finance was hit for roughly $392,000 by a misconfigured oracle exploit, and decentralized GPU cloud Aethir lost about $423,000 through an access‑control vulnerability. The Drift and Zerion incidents have been cited as examples of adversaries using AI‑assisted social engineering to gain credentials and access to funds.
Overall, malicious actors extracted over $168.6 million from 34 DeFi protocols in Q1 2026, according to DefiLlama data, underscoring a persistent risk environment for decentralized finance. The spate of attacks has also prompted legal and regulatory fallout, including a class action against stablecoin issuer Circle related to the Drift incident.
Cointelegraph notes its commitment to independent, transparent journalism and encourages readers to verify information independently in line with its Editorial Policy.