Key Highlights
- A minimum of 12 cryptocurrency platforms have fallen victim to cyberattacks following the massive $280 million Drift Protocol breach on April 1, 2026.
- Rhea Finance suffered a $7.6 million loss when hackers exploited its Margin Trading functionality through fraudulent token contracts.
- Grinex, an exchange with Russian connections, saw approximately $15 million in USDT drained and quickly converted to TRX and ETH.
- Cybersecurity experts suspect North Korean hacking groups are behind several incidents, leveraging artificial intelligence and social engineering tactics.
- DefiLlama reports indicate that 34 DeFi platforms lost a combined $168.6 million during the first quarter of 2026.
The cryptocurrency sector is reeling from a relentless wave of cyberattacks, with at least 12 DeFi protocols and digital asset companies compromised in approximately two weeks after the devastating $280 million Drift Protocol hack on April 1, 2026.
The [[LINK_START_0]]Drift Protocol[[LINK_END_0]] incident ranks among 2026’s most significant cryptocurrency breaches. Intelligence suggests the attack stemmed from an extended social engineering operation, potentially orchestrated by North Korean-linked threat actors.
The subsequent victims include prominent platforms such as CoW Swap, Hyperbridge, Bybit, Dango, Silo Finance, BSC TMM, Aethir, MONA, Zerion, Rhea Finance, and the Grinex trading platform.
Financial damages have ranged dramatically, spanning from several hundred thousand dollars to losses exceeding tens of millions.
Major Breaches Target Rhea Finance and Grinex
On Thursday, the DeFi platform Rhea Finance experienced a devastating $7.6 million security breach. Cybercriminals exploited a critical weakness in the platform’s Margin Trading component to execute a sophisticated pool manipulation assault on the Rhea Lend smart contract infrastructure.
Cybersecurity company CertiK determined that the perpetrators deployed counterfeit token contracts and injected liquidity into newly established pools, effectively deceiving the oracle system and validation mechanisms.
Rhea Finance has acknowledged the security compromise through official channels and maintains ongoing dialogue with affected users.
Concurrently, Kyrgyzstan-based Grinex exchange suspended all withdrawal and trading operations following what management characterized as a comprehensive cyberattack.
Grinex’s preliminary assessment indicated losses exceeding 1 billion rubles, equivalent to roughly $13.1 million. However, blockchain intelligence firm Elliptic calculated the actual theft at approximately $15 million in USDT.
The compromised USDT was rapidly transferred across Tron and Ethereum blockchain networks before conversion into TRX and ETH. According to Elliptic, this conversion strategy aimed to circumvent Tether’s ability to freeze USDT addresses associated with criminal activity.
Grinex attributed the attack to “hostile states” possessing capabilities beyond typical cybercriminals. The platform is commonly regarded as the successor to Garantex, which U.S. authorities dismantled last year for facilitating hundreds of millions in illicit cryptocurrency transactions.
Accumulating Losses From Multiple Breaches
Additional April incidents include Silo Finance’s $392,000 loss on April 3 resulting from oracle misconfiguration, Aethir’s $423,000 theft via an access control vulnerability on April 9, and bridge aggregator Dango’s $410,000 loss from a smart contract flaw on April 13.
The Binance Smart Chain TMM/USDT liquidity pool also sustained damages in early April, with approximately $1.67 million stolen through a reserve manipulation technique.
North Korean cybercriminal organizations have been implicated in multiple incidents, deploying AI-powered tools and advanced social engineering methods to infiltrate cryptocurrency enterprises.
DefiLlama’s comprehensive data reveals that malicious actors extracted over $168.6 million from 34 DeFi protocols throughout the first quarter of 2026.
Elliptic’s investigation has identified Grinex as a central exchange for ruble-to-cryptocurrency conversions and the ruble-pegged stablecoin A7A5, which reportedly facilitated transactions exceeding $100 billion in total value.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
