Cryptocurrency losses exceed $17 billion over the past decade

According to the DefiLlama data platform, over the past ten years hackers have stolen more than $17 billion through 518 recorded attacks. The data shows that most incidents originated from private keys being compromised, alongside scams and credential theft. These figures reveal a troubling reality: the industry’s largest losses are increasingly coming from weak links such as wallet security, exchange signing infrastructure, and the human element behind the system, rather than from code-level protocol flaws as in the past. In addition, a report published Monday by crypto exchange GSR indicates more than $600 million was stolen from DeFi protocols in just 60 days. The two largest incidents were the Kelp DAO attack and the April 1 incident involving the Drift protocol on the Solana network. This reality raises questions: is focusing on smart contract audits alone still sufficient to protect users? According to GSR, as source-code level security improves, attackers are shifting to softer targets such as operational security, signing infrastructure, developer tools, and the human factors behind the system. This shift adds pressure to a capital market that has already seen profits shrink. GSR notes that yields in DeFi are nearing traditional finance (TradFi) levels, prompting questions about whether on-chain asset custody still justifies the increasing risk. Cybersecurity firms warn that rapid advances in malware and artificial intelligence are enabling attacks on crypto wallets and social-engineering scams to be deployed at a larger scale than ever. Dyma Budorin, co-founder and CEO of Hacken, points to the emergence of “hack-as-a-service” models, with attack tools packaged and traded on dark markets, allowing even those with limited technical backgrounds to participate in fraud campaigns. He told Cointelegraph on the sidelines of EthCC 2026: “Darknet platforms will take a percentage fee from the toolset, while most of the stolen funds go to the operators.” He also stressed that hackers often do not target highly complex targets, but favor “weak links”—users or systems that can be exploited with the lowest cost and effort. Hacken’s Q1 2026 report shows Web3 projects incurred about $482 million in losses in the quarter. Notably, fraud and socially engineered attacks accounted for $306 million, the largest single source of loss, surpassing traditional technical vulnerabilities. Nevertheless, the security picture is not entirely bleak. Scam Sniffer’s January report shows that losses from phishing scams in the crypto space fell sharply in 2025, indicating improved user awareness, even though new variants of malware and “drain-wallet” scenarios continue to emerge and evolve.