Recently, the co-founder of OpenZeppelin issued a warning regarding security issues in the DeFi News sector, emphasizing that the current security situation is concerning. In April alone, nearly $630 million was stolen from DeFi News protocols. Major incidents include a $285 million exploit of Drift and a $293 million attack on Kelp DAO, both linked to North Korean hacker groups. According to data from DeFi NewsLlama, April recorded 27 DeFi News vulnerability incidents, and this trend continued into May, with an additional 25 new attack cases reported to date.
Escalating Security Concerns in DeFi News
Aráoz pointed out that the balance between attackers and defenders in the DeFi News industry has become uneven, especially with the rise of AI-driven coding agents that can exploit vulnerabilities in smart contracts. He stated that defenders must ensure every potential weakness in their protocols, while attackers only need to find one flaw to steal millions of dollars.
The theft amount in April, nearly $630 million, made it the worst month for DeFi News-related hacker attacks since the Bybit incident in February 2025, when hackers stole approximately $1.5 billion. The losses in April were primarily due to two major attacks.
One incident involved a $285 million attack on Drift, believed to have been executed after six months of complex social engineering. The other major attack targeted Kelp DAO, where hackers exploited vulnerabilities in the project's cross-chain bridge infrastructure to steal around $293 million.
(Data Source: DeFi NewsLlama)
This trend continued into May, with another 25 DeFi News vulnerability incidents reported, although the financial losses were relatively smaller compared to the massive destruction in April. One incident involved a loss of $11.6 million related to the Verus Network Ethereum bridge. Meanwhile, the prediction market platform Polymarket recently confirmed a security vulnerability of $573,200, which may have stemmed from leaked private keys associated with an internal operational wallet.