Twelve-plus protocols. Twenty days. More than $605 million gone. April 2026 is already the worst month for crypto theft of the year.

The attack surfaces don’t match. One was a bridge minting flaw. One was a pre-signed transaction after six months of social engineering. One was a domain hijack. One was a compromised hot-wallet credential. One was a sanctioned exchange that drained through plain withdrawals. The newest one is a hosting provider whose API keys leaked through a Google Workspace compromise at two in the morning.

Six different attack classes. One thing in common. Every single one of them ended — or is about to end — at the same place.

Every exploit ends at a withdrawal page. None of those pages ask if the human is real.

Six attack classes. One funnel.

Different chains. Different protocols. Different exploits.

This is the funnel. It’s why different attack vectors produce the same outcome. Code vulnerabilities, human manipulation, infrastructure compromise — all of them end at the same withdrawal page, and that page is the only layer in the stack not doing real-time identity verification.

Twenty days. Six attack classes. The full timeline.

  • Apr 1, 2026 — Drift Protocol — $285M. Solana perpetuals drained in twelve minutes via pre-signed transactions after a long social-engineering campaign against Security Council members. Attack attributed to North Korea-affiliated actors. We wrote about it here.
  • Apr 14, 2026 — CoW Swap — $1.2M. DEX aggregator’s domain provider was socially engineered into handing over control. Users were redirected to a fake site that drained wallets.
  • Apr 16, 2026 — Grinex — $13M. Funds left through plain withdrawals, one transaction at a time, converted to ETH and TRX. Nothing re-verified any individual human. Breakdown here.
  • Apr 18, 2026 — Kelp DAO — $293M. LayerZero-powered bridge exploited at 17:35 UTC. 116,500 rsETH released to a wallet funded through Tornado Cash ten hours earlier. Attacker deposited stolen tokens as collateral on Aave V3 and V4, borrowed roughly $236M in real wrapped ether, then repeated on Compound V3 and Euler. Emergency multisig froze core contracts 46 minutes later. Largest DeFi hack of 2026.
  • Apr 20, 2026 — Vercel — API keys exposure. Hosting provider breached via compromised third-party Google Workspace integration. Crypto teams including Solana DEX Orca rotating keys. Blast radius unknown at publication.

Between the headline events, Zerion, Rhea Finance, and Silo Finance each got hit. DeFi-specific losses for 2026 now sit between $450 million and $482 million across roughly 45 protocols. The broader crypto-ecosystem number, which also counts exchange drains and infrastructure breaches, passes $605 million in twenty days.

When DeFi freezes, the only place money moves is the CEX.

The Kelp DAO hack wasn’t contained to Kelp. Within hours, Aave’s total value locked fell from $26.4 billion to roughly $20 billion — a $6.6 billion drop driven almost entirely by panicked depositor withdrawals. The AAVE token fell 16% intraday. SparkLend, Fluid, and Upshift all froze rsETH markets. Lido paused its earnETH product. Ethena temporarily shut down its LayerZero bridges from Ethereum mainnet as a precaution.

The more specific number is the one CISOs should stare at: Aave’s USDT stablecoin pool hit 100% utilization and at one point held only $2,540 withdrawable against $2.87 billion of supplied capital. WETH utilization was also maxed. The largest lending protocol in DeFi was temporarily unable to return its depositors’ money.

When DeFi liquidity freezes, panicked capital does not sit in Aave hoping the pool refills. It runs. It runs to Binance, to Coinbase, to Kraken, to every centralized exchange that still has a withdrawal button that works. Legitimate users and attackers converge on the same page in the same hour. Nothing there re-verifies the human.

Lorica does not stop a bridge exploit.

A biometric step-up API does not patch a broken minting function. It does not prevent a LayerZero bridge from being drained. It does not close a smart-contract reentrancy. Code vulnerabilities need code fixes. No face match has ever stopped a flash loan.

What it stops is the second half of the chain, the part where stolen value becomes usable money. A live face match at the moment of withdrawal, producing a signed JWT that the exchange can check before releasing funds and an auditor can verify afterwards, turns a stolen credential into a failed biometric check the exchange can see and block. The exploit is the event. The withdrawal is where the insurance check gets written.

$605 million stolen. One API call to break the chain.

Three endpoints: /enroll at onboarding, /verify before any high-risk action, /delete when the user leaves. 292 milliseconds (warm path). A competent engineer ships the integration in a single sitting.
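What the exchange side of that /verify call looks like in practice, as an added illustration (this is not Lorica's SDK or API, and the claim names, the HS256 shared key, the 120-second lifetime and the sample withdrawal are all assumptions made for the example): the verifier mints a short-lived JWT only after a live match, with claims that bind it to this user, this action, this destination and this amount, and the withdrawal handler refuses to move funds unless a token for exactly that withdrawal is present, correctly signed, unexpired and never seen before. A real deployment would sign with an asymmetric key so the exchange and auditor hold only the public half; the stdlib HMAC here keeps the example runnable offline.

```python
import base64
import hashlib
import hmac
import json
import os

# Assumption for this example: a key shared between the step-up verifier and the exchange.
# Production would use an asymmetric signature so verifiers never hold signing material.
VERIFIER_KEY = b"example-only-step-up-signing-key"
TOKEN_TTL_S = 120  # a step-up token should only cover the single withdrawal it was issued for


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: bytes, key: bytes) -> bytes:
    return hmac.new(key, signing_input, hashlib.sha256).digest()


def issue_step_up_token(user_id, withdrawal, liveness_passed, now, key=VERIFIER_KEY):
    """Stand-in for the verifier's response: mint an HS256 JWT only after a live face match.

    The claims bind the token to user, action, destination and amount, so a token
    obtained for one withdrawal cannot authorise a different one. Amounts are strings
    to avoid float comparison problems.
    """
    if not liveness_passed:
        return None
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "sub": user_id,
        "act": "withdraw",
        "dest": withdrawal["dest"],
        "amt": withdrawal["amount"],
        "iat": now,
        "exp": now + TOKEN_TTL_S,
        "jti": os.urandom(8).hex(),  # unique id so the exchange can reject replays
    }
    parts = [_b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + _b64url(_sign(signing_input.encode(), key))


def gate_withdrawal(user_id, withdrawal, token, now, seen_jtis, key=VERIFIER_KEY):
    """Exchange-side check run before funds leave. Returns (allowed, reason)."""
    if not token:
        return False, "no step-up token: liveness check failed or was never run"
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(claims_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:  # covers bad base64, bad JSON and a wrong number of segments
        return False, "malformed token"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed token"
    # Pin the algorithm: the token must never choose it (rejects alg=none and key confusion).
    if header.get("alg") != "HS256":
        return False, "unexpected alg"
    expected = _sign((header_b64 + "." + claims_b64).encode(), key)
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    if now >= claims.get("exp", 0):
        return False, "token expired"
    if claims.get("sub") != user_id or claims.get("act") != "withdraw":
        return False, "token not issued for this user/action"
    if claims.get("dest") != withdrawal["dest"] or claims.get("amt") != withdrawal["amount"]:
        return False, "token bound to a different destination or amount"
    jti = claims.get("jti")
    if not jti or jti in seen_jtis:
        return False, "replayed token"
    seen_jtis.add(jti)
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: one legitimate withdrawal, then the ways an attacker would try to reuse it.
    now = 1_700_000_000
    legit = {"dest": "bc1q-example-user-address", "amount": "2.5"}
    token = issue_step_up_token("user-42", legit, True, now)
    seen = set()
    print("legit      ", gate_withdrawal("user-42", legit, token, now + 5, seen))
    print("replay     ", gate_withdrawal("user-42", legit, token, now + 6, seen))
    drained = {"dest": "bc1q-attacker-address", "amount": "2.5"}
    print("other dest ", gate_withdrawal("user-42", drained, token, now + 5, set()))
    print("stale      ", gate_withdrawal("user-42", legit, token, now + 200, set()))
    print("no liveness", gate_withdrawal("user-42", legit, issue_step_up_token("user-42", legit, False, now), now, set()))
```

The order of checks matters: signature before claims, so an attacker who edits the destination in the payload is rejected as "bad signature" rather than being told which field to fix, and the replay set is only updated after every other check passes so a rejected attempt never burns a legitimate jti.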

Every centralized venue an attacker routes stolen funds through to convert them into withdrawable cash is a point where that single biometric call could break the chain. Every panicked withdrawal flooding exchanges in the days after a hack is a verification call that doesn’t happen.

The regulatory and insurance walls are already closing.

MiCA enforcement begins July 1. Every exchange operating in the EU needs enhanced verification that extends past onboarding. The EU AI Act hits August 2. Biometric systems fall under a high-risk AI classification, meaning in-house builds now need compliance frameworks most exchanges can’t resource. NYDFS guidance from October 2024 explicitly flagged SMS, voice, and video-based MFA as deepfake-vulnerable and recommended biometric alternatives. Recommended, not required — but insurance underwriters are already pricing to the recommendation.

The next hack is this week. It will follow the same pattern as the last twelve. Something will break on-chain or at a provider. Stolen value will move. Panicked users will move. Every path will converge on a centralized exchange withdrawal page. Nothing there will ask who is pressing the button.

$605 million in twenty days is what the funnel looks like when nobody is checking.