How much crypto has been stolen over the past decade?

Data from DefiLlama shows more than $17 billion has been stolen across 518 crypto-related hacks over the past 10 years. This highlights the scale of security challenges facing the industry.

What is the biggest cause of crypto hacks today?

Private key compromises are now a leading cause of losses. These include brute-force attacks (22.3%), unknown key compromise methods (18.2%), and phishing attacks targeting wallets.

Why are private key attacks becoming more common?

Attackers are shifting away from smart contract bugs toward easier targets like wallets and user credentials. This is because protocol security has improved, making human and operational weaknesses more attractive.

What is a private key compromise in crypto?

A private key compromise happens when an attacker gains access to the secret key controlling a wallet. Once obtained, they can transfer funds without needing to hack the blockchain itself.

How much has been lost in DeFi recently?

According to GSR, more than $600 million has been stolen from DeFi protocols in the past 60 days. Major incidents include bridge and exchange exploits.

What was the recent Kelp DAO exploit?

A recent attack drained around $290 million in restaked Ether from a Kelp DAO-related bridge. This is one of the largest crypto hacks in 2026 so far.

Are smart contract audits still effective?

Audits remain important, but they are no longer enough on their own. Attackers are increasingly targeting infrastructure, signing systems, and users instead of code vulnerabilities.

How are AI and malware changing crypto hacking?

Advances in AI and malware are making phishing and social engineering attacks easier to scale. This lowers the barrier to entry, allowing more attackers to target crypto users.

Crypto hacks top $17B as key theft rises

Written by Mahathir BayenaPublished Apr. 22 2026Last Updated Apr. 22 2026

Data from DefiLlama shows hackers have stolen more than $17 billion across 518 crypto-related incidents over the past decade, with private key compromises emerging as a major driver.

The data indicates that 22.3% of incidents involved brute-force private key attacks, 18.2% came from unknown key compromise methods, and 10% stemmed from phishing targeting multi-signature wallets.

The findings highlight a shift in attack patterns away from smart contract vulnerabilities toward weaknesses in wallet security, infrastructure, and user behaviour.

The trend follows a recent $290 million exploit involving a restaked Ether bridge linked to Kelp DAO, underscoring ongoing risks in decentralised finance systems.

According to GSR, more than $600 million has been stolen from DeFi protocols in the past 60 days, with major incidents tied to bridge and exchange exploits.

Cybersecurity firms warn that advances in artificial intelligence and malware are making phishing and social engineering attacks easier to scale, lowering barriers for attackers.

Despite some improvement in phishing awareness, the rise of “hacking-as-a-service” tools continues to expand the threat landscape, increasing risks for crypto users and platforms.

At the time of reporting, Ethereum price was $2,337.06.