Crypto Hacks Drain Billions, Credential-Based Attacks on the Rise

The cryptocurrency industry is grappling with a growing threat from credential-based attacks, which have resulted in over $17 billion in losses over the past decade. According to DefiLlama's analysis, compromised private keys, phishing attempts, and other credential-focused breaches make up a large share of historical incidents.

The trend has intensified in recent months, with a notable example being the largest hack of 2026, where an attacker drained roughly 116,500 rsETH from Kelp DAO's LayerZero-powered bridge. This event reinforced concerns that crypto hackers are increasingly targeting operational layers rather than protocol code, exploiting human error and infrastructure gaps.

DeFi protocols have also faced significant pressure, with over $600 million in losses absorbed over the past 60 days. GSR noted that crypto hackers appear to be shifting toward operational security and developer tooling as smart contract audits improve.