Between January and April 2026, decentralized finance lost roughly $765 million to hacks. Half of that sum landed in the first 18 days of April through two incidents: Drift Protocol for $285M and Kelp DAO for $292M. The structural shift of 2026 is unambiguous: the expensive hacks no longer come from buggy code — they come from compromised operational infrastructure: keys, servers, verifiers, and people.
The 2026 Numbers
According to DeFiLlama, Q1 2026 saw 34 DeFi protocol incidents totaling $168.6 million. That’s a sharp drop from Q1 2025 ($1.58B), but the 2025 figure was distorted by the single $1.4B Bybit breach.
April 2026 flipped the trend. Halborn recorded $606 million in losses across 12 incidents — the worst month since February 2025. Drift and Kelp alone accounted for $577M, or 95% of all April losses.
| Period | Losses | Incidents | Source |
|---|---|---|---|
| Q1 2026 | $168.6M | 34 | DeFiLlama |
| April 2026 (through 26 Apr) | ≈ $606M | 12 | Halborn |
| YTD 2026 | ≈ $765M | 46+ | — |
Halborn’s Q1 review puts it bluntly: “the most expensive attacks are no longer smart-contract bugs — they are key-management failures.” Mitchell Amador, CEO of Immunefi, makes the same point: “Web2 operational failures, not on-chain code.”
Taxonomy: Five Layers of Compromise
Every verified major case of 2026 fits into one of five attack layers — defined by what the attacker compromised, not what they stole.
| Layer | What gets compromised | 2026 cases | YTD share |
|---|---|---|---|
| L1. Contract logic | Code bugs (overflow, access control, reentrancy) | Truebit, SwapNet, SagaEVM | ≈ 6% |
| L2. Oracles and data | Price manipulation via fake pools | Rhea Finance, YieldBlox | ≈ 3% |
| L3. Operational security | Keys, KMS, devices, RPC nodes | Step Finance, Resolv Labs, Kelp DAO | ≈ 45% |
| L4. Social engineering and governance | Contributors, multisig, blind signing | Drift Protocol | ≈ 38% |
| L5. Frontend and DNS | Interface hijack, domain | CoW Swap | < 1% |
L3 + L4 + L5 — everything outside on-chain code — accounts for more than 90% of YTD losses. The classic “smart-contract hack” is below 10%.
A walkthrough by layer follows, with one representative case for each.
Layer 1: Contract Logic — Truebit
Loss: $26.4M · Date: 8 January 2026 · Chain: Ethereum
Truebit is a verifiable-computation protocol for smart contracts. The attacker drained 8,535 ETH through a flaw in TRU token-purchase pricing.
The root cause was an integer overflow in the buy formula. The contract had been deployed in 2021, compiled with a Solidity version below 0.8 (no built-in overflow protection), and had never received an independent audit. The asymmetric buy/sell pricing model was supposed to deter speculators; without overflow checks it became a door to the reserves.
Within hours of the disclosure, the TRU token lost 99.95% of its market cap. Hours later the protocol was exploited again, for an additional ~$300K.
Lesson: legacy contracts are technical debt with growing toxicity. Any contract deployed before Solidity 0.8 (or before the discovery of a new attack vector) remains a landmine until it is wound down or redeployed with modern guarantees.
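The difference between pre-0.8 and 0.8+ arithmetic, and the kind of invariant check that catches a wrap-around before an attacker does, as an added example. This is not Truebit's code and the linear pricing formula here is a constructed stand-in, not the contract's asymmetric buy/sell formula; `buy_cost`, `cheapest_large_buy` and `cost_is_monotonic` are illustrative names.

```python
from typing import Callable, Iterable, List, Tuple

UINT256_MAX = 2**256 - 1


def unchecked_mul(a: int, b: int) -> int:
    """Solidity < 0.8 multiplication: the product silently wraps modulo 2**256."""
    return (a * b) & UINT256_MAX


def checked_mul(a: int, b: int) -> int:
    """Solidity >= 0.8 multiplication: an overflow reverts the transaction."""
    product = a * b
    if product > UINT256_MAX:
        raise OverflowError("arithmetic overflow: transaction would revert")
    return product


def buy_cost(amount: int, price_wei: int, *, checked: bool) -> int:
    """Constructed linear pricing, cost = amount * price.

    Illustrative only: this is not the pricing formula the exploited contract used.
    """
    mul = checked_mul if checked else unchecked_mul
    return mul(amount, price_wei)


def cheapest_large_buy(price_wei: int) -> Tuple[int, int]:
    """Smallest amount whose unchecked cost wraps past 2**256.

    For that amount, amount * price lands in [2**256, 2**256 + price), so the
    wrapped cost is below the price of a single token.
    """
    amount = UINT256_MAX // price_wei + 1
    return amount, unchecked_mul(amount, price_wei)


def cost_is_monotonic(cost_fn: Callable[[int], int], amounts: Iterable[int]) -> bool:
    """Invariant for a test suite or fuzzer: buying more must never cost less.

    A revert (OverflowError) is a safe outcome and is skipped rather than
    counted as a violation.
    """
    costs: List[int] = []
    for amount in sorted(amounts):
        try:
            costs.append(cost_fn(amount))
        except OverflowError:
            continue
    return all(x <= y for x, y in zip(costs, costs[1:]))


if __name__ == "__main__":
    price = 10**15  # constructed: 0.001 ETH per token, in wei
    amount, wrapped = cheapest_large_buy(price)
    print(f"unchecked: {amount} tokens cost {wrapped} wei (< one token at {price} wei)")
    samples = [1, 10, 1_000, amount]
    print("unchecked monotonic:", cost_is_monotonic(lambda a: buy_cost(a, price, checked=False), samples))
    print("checked monotonic:  ", cost_is_monotonic(lambda a: buy_cost(a, price, checked=True), samples))
```

The monotonicity invariant is the useful part for a legacy-contract review: it does not need to know the exact bug, only that a buyer must never pay less for more tokens, which is exactly the property an overflow violates.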
Layer 2: Oracle Manipulation — Rhea Finance
Loss: $18.4M (revised; initially reported as $7.6M) · Date: 16 April 2026 · Chain: NEAR
Rhea Finance is the largest DeFi protocol on NEAR. Over two days the attacker prepared 423 dummy wallets and deployed fake token contracts paired with their own liquidity pools. The margin-trading parser then accepted swap routes through these pools as valid price data and allowed the fake tokens to be used as collateral.
The vulnerability lay in slippage protection: the system aggregated expected output amounts across swap steps without accounting for the same tokens being reused across multiple steps within a transaction. This let the attacker construct a sequence of swaps that bypassed slippage limits and drained USDC, USDT, ZEC and wNEAR.
The attacker partially returned funds (about $3.36M USDC and 1.56M NEAR sent back to the RHEA lending contract). Tether additionally froze $3.29M USDT.
Lesson: an oracle is always an agreement to trust a source. If the protocol accepts prices from arbitrary liquidity pools, the attack surface expands to “anyone who can deploy a fake token pool” — i.e., effectively unbounded.
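The aggregation flaw described above, beside the netted version that does not have it, and the pool-allowlist check the lesson implies, as an added example. This is not Rhea Finance's code; the route, pool names and token symbols are constructed, and the `SwapStep` structure is an assumption about how a route is represented.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, Set


@dataclass(frozen=True)
class SwapStep:
    pool: str        # liquidity pool the step routes through
    token_in: str
    amount_in: int   # smallest units
    token_out: str
    amount_out: int  # expected output in smallest units


def naive_expected_outputs(route: Iterable[SwapStep]) -> Dict[str, int]:
    """Flawed aggregation: adds up each step's expected output per token and
    ignores that a later step consumes what an earlier step produced."""
    totals: Dict[str, int] = defaultdict(int)
    for step in route:
        totals[step.token_out] += step.amount_out
    return dict(totals)


def net_token_flows(route: Iterable[SwapStep]) -> Dict[str, int]:
    """Correct aggregation: net balance change per token over the whole route."""
    net: Dict[str, int] = defaultdict(int)
    for step in route:
        net[step.token_in] -= step.amount_in
        net[step.token_out] += step.amount_out
    return dict(net)


def passes_min_output(route, token: str, min_out: int, aggregate=net_token_flows) -> bool:
    """Slippage check: does the route deliver at least min_out of token?"""
    return aggregate(route).get(token, 0) >= min_out


def route_uses_only_allowlisted_pools(route, allowlist: Set[str]) -> bool:
    """Oracle-surface control: a route is only usable as price evidence if every
    hop goes through a pool the protocol has vetted."""
    return all(step.pool in allowlist for step in route)


# Constructed route: B is produced in step 1, consumed in step 2, produced again in step 3.
ROUTE = [
    SwapStep("pool-ab", "A", 100, "B", 100),
    SwapStep("pool-bc", "B", 100, "C", 50),
    SwapStep("pool-cb-unvetted", "C", 50, "B", 90),
]
TRUSTED_POOLS = {"pool-ab", "pool-bc"}

if __name__ == "__main__":
    print("naive outputs:", naive_expected_outputs(ROUTE))   # B counted twice: 190
    print("net flows:    ", net_token_flows(ROUTE))          # B really: +90
    print("min 150 B, naive:", passes_min_output(ROUTE, "B", 150, naive_expected_outputs))
    print("min 150 B, net:  ", passes_min_output(ROUTE, "B", 150))
    print("only vetted pools:", route_uses_only_allowlisted_pools(ROUTE, TRUSTED_POOLS))
```

The naive check credits the trader with 190 B because B appears as an output twice, while the trader actually ends the route with 90 B; a minimum-output limit of 150 B is therefore satisfied on paper and violated in fact. The allowlist check is the complementary control: a route through a pool the protocol never vetted should not be accepted as price evidence at all.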
Layer 3: Operational Security — Step, Resolv, Kelp
This is the dominant attack vector of 2026. Three cases, three different operational failures.
Step Finance: Device Compromise
$27M · 31 January 2026 · Solana
The attackers used targeted phishing and malware to compromise team devices and, through them, the treasury and fee-collection wallets. They drained 261,854 SOL. The smart contracts were never breached — the corporate perimeter was.
Token22 protections allowed the team to recover $4.7M, but the STEP token collapsed by 96%. In February 2026 Step Finance announced a full shutdown; affiliated SolanaFloor and Remora Markets followed.
Resolv Labs: Cloud KMS Compromise
$24.5M · 22 March 2026 · Ethereum
Resolv issued the yield-bearing stablecoin USR. The attacker compromised the protocol's signing key held in AWS Key Management Service — the cloud-stored private key used to sign mint operations. With control of that key, they could authorize any mint.
The Counter contract accepted a parameter from an off-chain signer and verified the minimum USR output — but did not check the maximum. With a deposit of $100–200K in USDC, the attacker minted 80 million unbacked USR, sold them on DEXs and extracted ETH. USR depegged to as low as $0.20 (an 80% drop), partially recovering to $0.56.
Kelp DAO: Cross-Chain Messaging Infrastructure Compromise
$292M · 18 April 2026 · Ethereum + 20 chains
The biggest case of the year and the culmination of the operational layer. Kelp issued rsETH — a liquid restaking token wrapped via LayerZero across 20+ blockchains.
Anatomy of the attack:
- The attackers (attributed by LayerZero to North Korea’s Lazarus Group) compromised two RPC nodes serving Kelp’s LayerZero bridge.
- In parallel, they ran a DDoS against the remaining (uncompromised) nodes, forcing the system to fail over to the “poisoned” ones.
- The compromised nodes fed forged burn data from the source chain to the single verifier — the LayerZero Labs DVN.
- Kelp ran a 1-of-1 DVN configuration: a single verifier with no second signature required. The forged packet (nonce 308) passed verification and reached the adapter on Ethereum.
- The adapter minted 116,500 rsETH (≈ 18% of the circulating supply) to the attacker’s address.
- The minted rsETH was deposited as collateral on Aave and Compound, used to borrow real ETH, which the attacker withdrew. This left up to $230M in bad debt on Aave (other estimates put it at $177M).
Kelp paused the bridge 46 minutes later (at 18:21 UTC). Two follow-up attempts (40,000 rsETH each, $100M apiece) were reverted. Arbitrum’s Security Council froze 30,766 ETH ($71M).
LayerZero’s post-mortem stated it had repeatedly recommended Kelp move to a multi-DVN configuration, but the recommendations had been ignored. Kelp disputes that account, arguing 1-of-1 is the default configuration of the LayerZero integration.
Lesson for L3 as a whole: the off-chain layer is the protocol’s perimeter. The quality of the smart contract is irrelevant if the key sits in an insecure KMS or the bridge depends on a single verifier.
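The two gates the Resolv and Kelp cases point at, as one added example: a quorum check on verifier attestations (the 1-of-1 versus multi-verifier configuration) and two-sided bounds on a mint request (the maximum check the Resolv contract lacked). This is not Resolv's, Kelp's or LayerZero's code. HMAC-SHA256 stands in for the verifiers' signatures, the verifier names and keys are constructed, the packet is modelled on the figures in the write-up with a placeholder recipient, and `max_bps_of_deposit` and the epoch cap are illustrative limits.

```python
import hashlib
import hmac
import json
from typing import Dict

# Constructed verifier keys (HMAC stand-in for real signature keys). In a real
# deployment each verifier holds its own private key and the mint path holds
# only public verification material.
VERIFIER_KEYS: Dict[str, bytes] = {
    "verifier-a": b"constructed-key-a",
    "verifier-b": b"constructed-key-b",
    "verifier-c": b"constructed-key-c",
}


def canonical(payload: dict) -> bytes:
    """Deterministic encoding so every verifier attests to identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def attest(verifier: str, payload: dict) -> str:
    """What a verifier emits after independently observing the source-chain burn."""
    return hmac.new(VERIFIER_KEYS[verifier], canonical(payload), hashlib.sha256).hexdigest()


def count_valid_attestations(payload: dict, attestations: Dict[str, str]) -> int:
    """Distinct known verifiers whose attestation over this exact payload checks out."""
    valid = 0
    for verifier, sig in attestations.items():
        if verifier not in VERIFIER_KEYS:
            continue  # unknown signer: contributes nothing to the quorum
        if hmac.compare_digest(sig, attest(verifier, payload)):
            valid += 1
    return valid


def packet_verified(payload: dict, attestations: Dict[str, str], quorum: int) -> bool:
    """Gate 1: require `quorum` independent attestations before acting on a packet.

    quorum=1 is the 1-of-1 setup: whoever controls that verifier's view of the
    source chain controls minting. quorum>=2 means a forgery needs two
    independent verifiers to observe the same false burn.
    """
    return count_valid_attestations(payload, attestations) >= quorum


def mint_within_bounds(deposit_units: int, mint_units: int, min_out: int,
                       max_bps_of_deposit: int, remaining_epoch_cap: int) -> bool:
    """Gate 2: bound the minted amount from both sides.

    min_out protects the depositor (the check the write-up says was present);
    max_bps_of_deposit caps the mint relative to what was actually deposited
    (the check the write-up says was missing); remaining_epoch_cap limits damage
    even if both the signer and the ratio are wrong.
    """
    if mint_units < min_out:
        return False
    if mint_units * 10_000 > deposit_units * max_bps_of_deposit:
        return False
    return mint_units <= remaining_epoch_cap


# Constructed packet modelled on the figures in the write-up; recipient is a placeholder.
PACKET = {"src_chain": "constructed-source-chain", "nonce": 308,
          "burned": 116_500, "recipient": "0xRECIPIENT_PLACEHOLDER"}

if __name__ == "__main__":
    one_sig = {"verifier-a": attest("verifier-a", PACKET)}
    two_sigs = dict(one_sig, **{"verifier-b": attest("verifier-b", PACKET)})
    print("1-of-1 accepts single attestation:", packet_verified(PACKET, one_sig, quorum=1))
    print("2-of-3 accepts single attestation:", packet_verified(PACKET, one_sig, quorum=2))
    print("2-of-3 accepts two attestations:  ", packet_verified(PACKET, two_sigs, quorum=2))
    # Deposit 200,000 stablecoin units, request 80,000,000 minted, cap 101% of deposit.
    print("80M mint on 200K deposit allowed: ", mint_within_bounds(200_000, 80_000_000, 199_000, 10_100, 5_000_000))
    print("199K mint on 200K deposit allowed:", mint_within_bounds(200_000, 199_000, 198_000, 10_100, 5_000_000))
```

Both gates are cheap and independent: the quorum check is where a poisoned data path is stopped, and the bounds check is where a compromised signer is contained. The bounds check in particular needs no knowledge of how the signer was compromised, only the observation that a mint far larger than the deposit backing it is never legitimate.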
Layer 4: Social Engineering and Governance — Drift Protocol
Loss: $285M · Date: 1 April 2026 · Chain: Solana
Drift was the largest DeFi protocol on Solana, with $550M in TVL. In 12 minutes on April 1, the attacker withdrew $285M — primarily JLP tokens ($159.3M), USDC ($71.4M), and other assets.
There is no “classic” hack anywhere in the attack:
- For six months the attackers posed as a quantitative trading firm, building trust within the Drift team and among multisig signers.
- Once they had access to the development environment, they slipped several dormant transactions — bundles to be signed by Security Council members — leveraging Solana’s durable nonces mechanism, which lets a transaction be signed now and executed at any later time.
- The signers signed the transactions blind — without understanding their full contents.
- At the chosen moment the attacker minted 500 million fake CVT tokens with a synthetic price, whitelisted as collateral. Against this “collateral” they withdrew real USDC, SOL, ETH and JLP.
Drift’s TVL collapsed from $550M to $250M. Per TRM Labs and Elliptic, this was the 18th Lazarus Group crypto operation of 2026. In the 19 days separating Drift and Kelp, the group extracted more than $575 million from DeFi through two structurally different vectors: social engineering of signers, and compromise of verification infrastructure.
Lesson: a 2-of-5 multisig is not decentralization if the signers sign blindly and can be socially engineered.
What This Means for Tokenomics
DeFi protocol security is inseparable from its tokenomics — and the 2026 cases make this especially clear.
Token distribution = governance attack surface. Drift shows how operational governance through a narrow multisig (2-of-5) becomes an architectural single point of failure. The same applies to governance-token distribution: concentration in one holder, or cheap delegation, opens the door to governance attacks.
Multisig and timelock are part of tokenomics, not an accessory. Drift demonstrated that a multisig without mandatory simulation and human review of transactions (rather than blind signing) is useless. A timelock — a delay between signature and execution of critical transactions — would have given Drift’s council hours to spot the anomaly. There was none.
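A pre-signing policy gate of the kind a signer's tooling could run, covering the Drift attack steps above (dormant durable-nonce transactions, blind signing of a collateral whitelist change) and the simulation-and-timelock requirement of this paragraph, as an added example. This is not Drift's code and does not parse real Solana transaction bytes: the `ProposedTx` and `Instruction` structures, the instruction names, program and oracle identifiers, and the timelock length are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed: instructions whose effects must be reviewed from a simulated state
# diff, never signed from a hash alone. Names are illustrative.
SENSITIVE_INSTRUCTIONS = {
    "add_collateral_asset", "set_oracle", "mint", "transfer_authority", "withdraw_treasury",
}


@dataclass
class Instruction:
    program: str                 # program (contract) the instruction calls
    name: str                    # decoded instruction name
    args: Dict[str, object] = field(default_factory=dict)


@dataclass
class ProposedTx:
    instructions: List[Instruction]
    uses_durable_nonce: bool     # can be signed now and broadcast much later
    expires_at: Optional[int]    # unix time after which it is invalid; None = never
    queued_at: int               # unix time the proposal entered the timelock queue


def review_findings(tx: ProposedTx, now: int, timelock_seconds: int,
                    allowed_programs: Set[str], trusted_oracles: Set[str]) -> List[str]:
    """Policy gate run by each signer's tooling before a signature is produced.
    Returns the reasons the transaction must not be signed (empty = clear)."""
    findings: List[str] = []
    if tx.uses_durable_nonce and tx.expires_at is None:
        findings.append("durable nonce without expiry: executable at any later time")
    for ins in tx.instructions:
        if ins.program not in allowed_programs:
            findings.append(f"{ins.name}: targets unknown program {ins.program}")
        if ins.name in SENSITIVE_INSTRUCTIONS:
            findings.append(f"{ins.name}: sensitive effect, requires reviewed state diff")
        if ins.name == "add_collateral_asset" and ins.args.get("oracle") not in trusted_oracles:
            findings.append(f"{ins.name}: collateral priced by untrusted oracle {ins.args.get('oracle')}")
    if now < tx.queued_at + timelock_seconds:
        findings.append(f"timelock: {tx.queued_at + timelock_seconds - now}s remaining")
    return findings


def safe_to_sign(tx: ProposedTx, now: int, timelock_seconds: int,
                 allowed_programs: Set[str], trusted_oracles: Set[str]) -> bool:
    return not review_findings(tx, now, timelock_seconds, allowed_programs, trusted_oracles)


ALLOWED_PROGRAMS = {"protocol-core-placeholder"}
TRUSTED_ORACLES = {"oracle-a-placeholder"}
DAY = 24 * 3600
T0 = 1_775_000_000  # constructed queue timestamp

# Constructed dormant proposal: durable nonce, no expiry, whitelists a new
# collateral token priced by an oracle nobody vetted.
DORMANT = ProposedTx(
    instructions=[Instruction("protocol-core-placeholder", "add_collateral_asset",
                              {"symbol": "CVT", "oracle": "synthetic-feed-placeholder"})],
    uses_durable_nonce=True, expires_at=None, queued_at=T0,
)
# Constructed routine proposal that clears the gate once the timelock has elapsed.
ROUTINE = ProposedTx(
    instructions=[Instruction("protocol-core-placeholder", "update_fee_param", {"bps": 5})],
    uses_durable_nonce=False, expires_at=T0 + 2 * DAY, queued_at=T0,
)

if __name__ == "__main__":
    for finding in review_findings(DORMANT, T0 + 60, DAY, ALLOWED_PROGRAMS, TRUSTED_ORACLES):
        print("BLOCK:", finding)
    print("routine safe after timelock:",
          safe_to_sign(ROUTINE, T0 + DAY, DAY, ALLOWED_PROGRAMS, TRUSTED_ORACLES))
```

The point of returning a list rather than a boolean is that a signer sees every reason at once: a durable nonce with no expiry, a sensitive instruction that was never simulated, and a collateral asset priced by an unknown feed each block the signature independently, and the timelock gives the rest of the council the hours this paragraph says Drift did not have.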
Insurance funds vs. loss socialization. Aave Umbrella will partially absorb the bad debt from Kelp — estimated up to $50M. The remaining shortfall, on the order of tens of thousands of ETH, will be allocated through governance. The likely mechanism is additional AAVE emission to compensate ETH suppliers. That is direct dilution of token holders — and in 2026 it is becoming the new norm for post-incident handling of major hacks.
Off-chain trust must be reflected in tokenomics. If a protocol depends on a single DVN verifier (Kelp), a single cloud KMS (Resolv), or team devices (Step), those dependencies have to be explicitly disclosed in the project’s risk documentation and priced into the token. Hidden off-chain trust is hidden dilution risk in the event of a hack.
Team Checklist for 2026
Conclusion
DeFi 2026 is no longer a battle of code. It is a battle of operational maturity and the architectural decisions a team makes before launch. A smart-contract audit will not protect you from an AWS KMS compromise. Open-source code will not protect you from blind signing. A “decentralized” DAO with a 2-of-5 multisig over the treasury is a centralized object for social engineering.
The takeaway for tokenomists: the architecture of governance, keys, and off-chain dependencies is part of tokenomics, not a separate technical discipline. If the project’s design doc has no description of how off-chain secrets are protected and exactly who signs which transactions, the tokenomics model is unsafe by default — regardless of how clean the vesting schedule and distribution look on paper.