At least a dozen DeFi protocols and crypto firms have been compromised in the two weeks since the April 1 exploit that drained roughly $280 million from Drift Protocol. Targets reported since early April include CoW Swap, Hyperbridge, Bybit, Dango, Silo Finance, the BSC TMM pool, Aethir, MONA, Zerion, Rhea Finance and the Grinex exchange.
Drift’s April 1 incident — one of the largest exploits this year — has been described by investigators as the result of a long-running social‑engineering campaign, potentially linked to North Korean–affiliated actors. The string of breaches has raised concerns that increasingly capable AI models, including advanced systems such as Anthropic’s Claude Mythos and comparable tools, could lower the bar for future attacks by assisting social engineering and automating parts of an attacker’s workflow.
Rhea Finance disclosed a coordinated assault on a margin‑trading feature that targeted the Rhea Lend smart contract; blockchain security firm CertiK estimated about $7.6 million was stolen. Analysis indicates the attacker deployed fake token contracts and seeded liquidity in new pools, likely manipulating oracles and validation layers to enable the drain.
Russia‑linked exchange Grinex suspended operations after a $13.7 million intrusion, attributing the breach to “unfriendly states.” Other recent incidents include a reserve‑manipulation attack on a Binance Smart Chain TMM/USDT liquidity pool that cost roughly $1.67 million, and a smart‑contract bug that led to a $410,000 loss at bridge aggregator Dango on April 13.
Earlier in April, Silo Finance lost about $392,000 to a misconfigured oracle exploit, and decentralized GPU cloud Aethir reported roughly $423,000 stolen via an access‑control vulnerability. The Drift and Zerion cases have been cited as examples of adversaries leveraging AI‑assisted social engineering to obtain credentials and access funds.
Overall, DefiLlama data shows malicious actors extracted more than $168.6 million from 34 DeFi protocols in Q1 2026, underscoring persistent risks in decentralized finance. The wave of attacks has also spurred legal and regulatory fallout, including a class action against stablecoin issuer Circle tied to the Drift incident.
The original reporting outlet emphasizes its commitment to independent, transparent journalism and encourages readers to verify information independently in accordance with its editorial policy.