Blockchain platforms suffered more than $600 million in losses from hacks and exploits in 2026, with two attacks accounting for the majority of the damage: the $293 million KelpDAO exploit and the $280 million Drift Protocol attack. North Korean state affiliated hackers used AI assisted social engineering to steal approximately $100,000 from Zerion’s hot wallets in a separate incident that received less attention but signaled a new attack methodology. The pattern across 2026’s incidents is not random vulnerability. It is systematic targeting of the same categories of risk that previous DeFi exploits exposed and protocols failed to remediate.
Key Highlights
- DeFi protocols and blockchain platforms lost more than $600 million to hacks and exploits in 2026, with two incidents accounting for more than 95% of total losses
- The KelpDAO exploit resulted in $293 million in losses. KelpDAO is a liquid restaking protocol built on EigenLayer that allows users to stake ETH derivatives for additional yield.
- The Drift Protocol attack resulted in $280 million in losses. Drift is a decentralized perpetuals exchange on Solana with significant open interest and liquidity pools.
- North Korean hackers, attributed to the Lazarus Group, used AI generated personas and AI assisted social engineering to compromise Zerion employees and access hot wallet funds, stealing approximately $100,000
- The $600 million figure through April 2026 is on pace to exceed 2024’s full year DeFi loss total if the current incident rate continues
- Security researchers note that all three major 2026 incidents exploited attack surfaces identified in prior incidents: bridge contracts, cross protocol integrations, and social engineering of team members
The KelpDAO exploit: what happened
KelpDAO is a liquid restaking protocol built on EigenLayer, the restaking infrastructure that lets Ethereum validators secure multiple networks simultaneously using the same staked ETH. Liquid restaking adds another layer: KelpDAO issues rsETH tokens that represent restaked positions and allow holders to use those positions as collateral in DeFi lending markets without unstaking.
That architecture creates a compounding risk surface. A vulnerability in KelpDAO’s rsETH accounting, in EigenLayer’s underlying contracts, or in any lending protocol that accepted rsETH as collateral could cascade across multiple layers simultaneously. The $293 million KelpDAO exploit abused a reentrancy-style vulnerability in the protocol’s withdrawal logic that allowed an attacker to claim more rsETH than their underlying stake justified before the accounting updated. The attack was executed in multiple transactions across a short window before the protocol team was able to pause the contracts.
The exploit method was not new. Reentrancy vulnerabilities have been the single most exploited category in DeFi since The DAO hack in 2016. Security audit standards developed specifically to catch reentrancy exist and are widely used. The KelpDAO vulnerability persisted through audits, suggesting either an audit that missed the specific interaction pattern or a code change after audit that introduced the vulnerability. Either explanation points to a process failure rather than an insurmountable technical problem.
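The ordering problem described above (paying out before the claim is reduced) and its usual fix (update accounting before any external call), as an added Python simulation; this is constructed illustration, not KelpDAO, EigenLayer or any audited contract code, and the Vault, claims and "hook" callback are assumptions of the model.

```python
# Constructed simulation of withdrawal ordering; not KelpDAO or EigenLayer code.
# A Vault tracks what each account may withdraw and what it actually holds. Paying
# a recipient runs a callback that models an external call (token hook, fallback)
# which may re-enter withdraw(). A ValueError models a revert: the caller discards
# every state change made by the transaction.
import copy
from typing import Callable, Dict, Optional

Hook = Optional[Callable[["Vault"], None]]

class Vault:
    def __init__(self, claims: Dict[str, int], assets: int, effects_first: bool):
        self.claims = dict(claims)        # what each account is entitled to withdraw
        self.assets = assets              # what the contract actually holds
        self.effects_first = effects_first
        self.paid: Dict[str, int] = {}

    def withdraw(self, who: str, amount: int, hook: Hook = None) -> None:
        if self.claims.get(who, 0) < amount:          # check
            raise ValueError("claim exceeds balance")
        if self.effects_first:
            self.claims[who] -= amount                # effect first ...
            self._pay(who, amount, hook)              # ... then interaction
        else:
            self._pay(who, amount, hook)              # interaction first: control leaves
            self.claims[who] -= amount                # accounting updated too late

    def _pay(self, who: str, amount: int, hook: Hook) -> None:
        if self.assets < amount:
            raise ValueError("insolvent")
        self.assets -= amount
        self.paid[who] = self.paid.get(who, 0) + amount
        if hook:
            hook(self)                                # external call, may re-enter

def attempt_withdrawal(effects_first: bool, amount: int = 100) -> dict:
    """Withdraw `amount` for 'alice' via a recipient that re-enters while the
    vault can still pay. Returns the committed state after the transaction."""
    vault = Vault({"alice": 100, "bob": 100}, assets=200, effects_first=effects_first)
    snapshot = copy.deepcopy(vault)
    def reenter(v: Vault) -> None:
        if v.assets >= amount:
            v.withdraw("alice", amount, reenter)
    try:
        vault.withdraw("alice", amount, reenter)
        reverted = False
    except ValueError:
        vault, reverted = snapshot, True              # revert: discard all changes
    return {"reverted": reverted, "paid": vault.paid.get("alice", 0),
            "assets": vault.assets, "alice_claim": vault.claims["alice"]}
```

With the vulnerable ordering the same 100-unit claim is paid twice and bob's claim is left unbacked; with effects first, the re-entered call fails its check and the whole transaction reverts.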
The Drift Protocol attack: the Solana context
Drift Protocol is a decentralized perpetuals exchange on Solana processing significant open interest. The $280 million attack exploited Drift’s oracle price integration, specifically a manipulation of the price feed that Drift used to settle positions during a period of high market volatility. The attacker coordinated large trades on external markets to move the price feed, then used the manipulated price to open and close positions on Drift at exploitable spreads before the oracle corrected.
Oracle manipulation is the second most common DeFi attack category after reentrancy. The attack vector has been documented in detail since the 2020 bZx exploits. Protocols that use price feeds from decentralized oracles like Chainlink are more resistant to this attack because the oracle aggregates prices from multiple sources and is difficult to manipulate through a single market. Protocols that use their own internal price calculations or thin market oracle sources are notably more vulnerable. Drift’s specific oracle architecture at the time of the attack has not been fully disclosed in public post mortems as of April 26, 2026.
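The difference between settling against one thin venue and against an aggregated feed, as an added Python example; this is a constructed model, not Drift, Chainlink or any real oracle's code, and the five venue prices, the 5% deviation bound and the minimum-source rule are assumptions.

```python
# Constructed price-feed aggregation; not Drift or any oracle network's code.
# A protocol settling from one thin venue accepts whatever that venue prints.
# A median over several sources, with outliers dropped and a minimum quorum,
# ignores a single manipulated venue or halts settlement when sources disagree.
from statistics import median
from typing import Dict, Optional

MAX_DEVIATION = 0.05   # assumed policy: drop sources >5% from the preliminary median
MIN_SOURCES = 3        # assumed policy: halt if fewer sources agree

def single_source_price(feeds: Dict[str, float], source: str) -> float:
    """Settlement price from one venue: no cross-check at all."""
    return feeds[source]

def aggregated_price(feeds: Dict[str, float]) -> Optional[float]:
    """Median of the sources that lie within MAX_DEVIATION of the preliminary
    median. Returns None (settlement halted) when too few sources agree."""
    prelim = median(feeds.values())
    agreeing = [p for p in feeds.values() if abs(p - prelim) / prelim <= MAX_DEVIATION]
    if len(agreeing) < MIN_SOURCES:
        return None
    return median(agreeing)

def settlement_pnl(entry: float, mark: float, size: float) -> float:
    """Profit credited to a long of `size` opened at `entry` and marked at `mark`."""
    return (mark - entry) * size

# Constructed snapshot: four liquid venues near 100 and one thin venue pushed to 130.
FEEDS = {"venueA": 100.0, "venueB": 100.4, "venueC": 99.8, "venueD": 100.2, "thin": 130.0}
```

Marking a 1,000-unit long opened at 100 against the thin venue credits 30,000; against the aggregated price it credits about 100, and a feed where the sources cannot agree returns None instead of a number.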
Solana’s DeFi ecosystem has grown rapidly in 2025 and 2026, attracting both legitimate capital and attacker attention. Higher TVL creates larger attack incentives. Solana’s transaction speed, which is one of its primary competitive advantages for trading applications, also means attacks can be executed and front running protections bypassed faster than on slower chains. The speed that makes Drift viable as a perpetuals exchange also makes it a more attractive target for sophisticated oracle manipulation attacks.
The North Korean AI social engineering shift
The Zerion incident is smaller in dollar terms but more significant as a signal of how attack methodology is evolving. Lazarus Group, the North Korean state affiliated hacking organization credited with billions in crypto theft since 2017, has historically focused on technical exploits of bridge contracts and exchange custody systems. The Zerion attack used a different approach: AI generated fake personas applied for remote positions at Zerion, passed initial screening using AI assisted interview preparation, gained trusted internal access, and then used that access to reach hot wallet credentials.
The $100,000 stolen from Zerion is small. The methodology is not. An AI generated persona that can pass a technical job interview and background screening does not need to hack a protocol’s smart contracts. It needs to get hired and wait. The security model for DeFi protocols has historically focused on code audits, bug bounties, and formal verification. None of those defenses addresses an attacker who becomes a trusted team member through a hiring process that has no defense against AI generated credentials and interview performance.
The implication for DeFi security is that team level identity verification needs to become as rigorous as code audits. Background checks that rely on verifiable credentials, in person verification for positions with access to sensitive systems, and strict hot wallet access controls that require multi party authorization regardless of employee seniority are the immediate responses. The same AI capability driving agent deployment growth is being applied to attack surface expansion. The tools are dual use and the attackers are adapting faster than most security policies.
The pattern and what it demands
Three incidents, three exploit categories, all previously documented: reentrancy, oracle manipulation, and social engineering. The $600 million in 2026 losses is not evidence that DeFi is uniquely insecure. It is evidence that known vulnerabilities are not being remediated at the pace that attacker sophistication is growing.
The remediation requirements are not mysterious. Reentrancy: formal verification of withdrawal logic before deployment, with mandatory follow up audit after any code change touching that logic. Oracle manipulation: migration to multi source aggregated price feeds for any protocol with TVL above $50 million. Social engineering: multi party authorization for hot wallet access with mandatory in person or verified by video identity checks for all personnel with wallet access.
What prevents those remediations is not technical complexity. It is economic pressure. Protocols that move faster to market gain TVL and trading volume ahead of competitors. Security audits take time and money. Multi party authorization adds friction to operations. The competitive economics of DeFi create incentives to deploy first and audit later, which is exactly the environment that produced $600 million in 2026 losses in four months. The AI agent deployment wave adding 150,000 new on chain actors increases the attack surface further. Agents that autonomously manage DeFi positions are new targets with potentially larger attack payoffs than individual user wallets.
The TCB View
$600 million in DeFi losses through April 2026 is not a DeFi death knell. It is a sector that has grown fast enough to attract sophisticated, well resourced attackers and has not matured its security culture fast enough to match. The attack methods are all known. The defenses are all known. The gap is implementation: getting protocols to prioritize security investment over deployment speed before the exploit happens rather than after. KelpDAO and Drift Protocol are the latest proof that the gap is still very large. The North Korean AI social engineering vector is the signal that the gap is getting more dangerous, not less. DeFi’s long term credibility depends on closing that gap. The $600 million number is the cost of not having done it already.