Surge in DeFi Attacks: Over 12 Protocols Targeted in Two Weeks Following $280 Million Drift Protocol Exploit

Surge in DeFi Attacks: 12 Protocols Targeted in Two Weeks

In a troubling trend for the decentralized finance (DeFi) sector, at least 12 protocols and crypto businesses have fallen victim to cyberattacks in just over two weeks, following the staggering $280 million exploit of Drift Protocol on April 1. This wave of attacks has raised alarms about the security of the burgeoning DeFi landscape and the potential for more sophisticated threats in the future.

Among the targeted entities are notable names such as CoW Swap, Hyperbridge, Bybit, Dango, Silo Finance, BSC TMM, Aethir, MONA, Zerion, and most recently, Rhea Finance and the Grinex exchange. The Drift Protocol incident, which is considered one of the largest exploits of the year, involved a long-running social engineering scheme believed to be linked to North Korean-affiliated actors.

Rhea Finance Hit for $7.6 Million

On Thursday, Rhea Finance disclosed that it had been exploited for approximately $7.6 million. The attack was executed by leveraging a vulnerability in Rhea’s Margin Trading feature, leading to a coordinated pool manipulation attack that impacted the Rhea Lend smart contract. Blockchain security firm CertiK reported that the attacker created fake token contracts and added liquidity to new pools, effectively misleading the oracle and validation layer.

In a parallel incident, the Russia-linked Grinex exchange suspended its operations after suffering a $13.7 million hack, attributing the breach to “unfriendly states.”

A String of Exploits

The recent spate of attacks has not been limited to Rhea Finance and Grinex. Earlier this month, the Binance Smart Chain TMM/USDT liquidity pool experienced a reserve manipulation attack, resulting in a loss of around $1.67 million. Just days prior, bridge aggregator Dango lost $410,000 due to a smart contract bug on April 13. Other notable exploits include Silo Finance, which lost $392,000 on April 3 from a misconfigured oracle exploit, and Aethir, which suffered a $423,000 loss from an access control exploit on April 9.

AI and Social Engineering: A Growing Threat

As the DeFi sector grapples with these challenges, concerns are mounting about the role of advanced AI models in facilitating cyberattacks. The recent exploits of Drift Protocol and Zerion wallet exemplify how groups affiliated with the Democratic People’s Republic of Korea are increasingly using AI and social engineering tactics to infiltrate crypto companies and steal credentials and funds.

According to data from DefiLlama, malicious actors pilfered over $168.6 million in cryptocurrency from 34 DeFi protocols in the first quarter of 2026 alone, underscoring the urgent need for enhanced security measures in the rapidly evolving crypto landscape.

As the DeFi community continues to innovate, the imperative for robust security protocols has never been clearer. With the threat landscape evolving, stakeholders must remain vigilant to protect their assets and ensure the integrity of the decentralized finance ecosystem.