Crypto hackers stole more than $168.6 million from 34 decentralised finance protocols in the first quarter of 2026, according to DefiLlama data.
The figure marks a sharp decline from the $1.58 billion stolen in the same period last year, which was heavily driven by a single large exploit.
The largest incident this quarter was a $40 million private key compromise at Step Finance, followed by a $26.4 million smart contract exploit targeting Truebit.
Security experts caution that hacking activity is not tied to fixed timelines but tends to increase during periods of market growth and rising liquidity.
“Bull markets, major product launches and fast-moving growth phases all create more attractive conditions for attackers because more value is at stake,”
Said Kraken chief security officer, Nick Percoco.
The threat landscape includes a mix of actors, from highly coordinated state-linked groups to opportunistic hackers exploiting vulnerabilities in smart contracts and user systems.
North Korea-linked groups remain a persistent risk, with recent attacks such as the Drift Protocol exploit highlighting ongoing threats to the sector.
Experts warn that evolving tactics, including social engineering and AI-driven attacks, could make future exploits more sophisticated despite the lower losses this quarter.