Transit was previously exploited in 2022 for $21 million, although around 70% of the stolen assets were later returned.
Transit Finance hacked for $1.88 million
Transit Finance was exploited for $1.88 million after an attacker exploited a "legacy contract" on the TRON blockchain that the project said was deprecated in 2022. "Historical vulnerabilities within it" were exploited, the project explained, allowing the attacker to steal $1.88 million.
TAC bridge exploited for $2.8 million
The TAC bridge, which bridges assets from the Ethereum blockchain to the Telegram-linked TON chain, was exploited for $2.8 million. The project paused the bridge and announced they were investigating.
The project has announced they intend to "restor[e] bridge liquidity through a legally structured sale of Foundation's TAC token treasury reserves."
TrustedVolumes suffers $6.7 million exploit
TrustedVolumes, a resolver and market maker used by 1inch and other defi platforms, suffered a $6.7 million exploit after an attacker was able to steal funds without proper validation. The thief then swapped the stolen wETH, USDT, wBTC, and USDC through ChangeNow and converted them to ETH to evade freezes.
Blockchain research firm Blockaid has linked the attacker to a similar exploit in March 2025 that saw $5 million drained from 1inch. This time, 1inch has asserted that although they use TrustedVolumes as a resolver, the exploit did not involve any of their systems.
Ekubo exploited for $1.4 million
The Ekubo automated market maker infrastructure project experienced a $1.4 million theft after attackers were able to take advantage of a smart contract that improperly verified permissions. They stole 17 wBTC ($1.4 million), which they swapped for ETH and laundered via Tornado Cash.
Wasabi Protocol exploited for more than $5 million
The Wasabi Protocol defi derivatives platform has been exploited for more than $5 million across multiple blockchains. The attack has been attributed by blockchain security firms to a compromised admin key, which allowed the attacker to upgrade contracts to steal assets.
Volo Protocol exploited for $3.5 million, most recovered
The Sui-based Volo Protocol defi yield platform was exploited for around $3.5 million after an attacker targeted three vaults holding wBTC, XAUm (a tokenized gold asset), and the USDC stablecoin.
Volo says they have frozen or recovered all but around $60,000. They have also said they are "prepared to absorb this loss", rather than passing losses along to their users.
Kelp DAO bridge hacked for $292 million
An attacker stole 116,500 rsETH (restaked ether) from a blockchain bridge run by Kelp DAO. Based on prices at the time of the theft, the stolen tokens would be worth around $292 million — however, the attacker is likely to face challenges selling a quantity of tokens that amounts to 18% of rsETH's circulating supply.
When tokens are bridged from one chain to another, the tokens on the original chain are locked in the bridge smart contract while the token is used on the other chain, preventing its owner from double-spending the asset. With 116,500 locked rsETH now stolen, those using the token on other blockchains are now holding possibly unbacked tokens.
The rush for holders to offload their dubiously backed tokens is likely to worsen contagion throughout defi protocols, where those platforms could be left holding the bag. Some platforms, including Aave, Lido Finance, and Ethena, have paused markets involving rsETH to try to protect themselves.
This hack has set the new record for the largest defi hack in 2026, following the $285 million Drift exploit on April 1.
Rhea Finance exploited for $18.4 million, some recovered
Rhea Finance's lending product was exploited for around $18.4 million after an attacker took advantage of a bug in the platform's slippage protection feature. The stolen assets affected both platform and user funds.
Some of the stolen tokens were returned by the attacker to the protocol, and around $4.35 million USDT were frozen by its issuer, Tether. Altogether, around $10 million was recovered, leaving $8.4 million outstanding.
- RHEA Finance Protocol Incident, Rhea Finance
Russian Grinex exchange halts trading after $13 million+ exploit
The Russian cryptocurrency exchange Grinex has halted trading after disclosing a hack of more than 1 billion rubles (more than $13 million). The exchange has claimed on Telegram that the hack was perpetrated by "foreign special services" they allege were trying to harm Russian financial independence.
According to blockchain intelligence firms TRM Labs and Chainalysis, Grinex is a rebranded version of the Garantex cryptocurrency exchange that was shut down and sanctioned in March 2025. Two of its operators were subsequently criminally charged in the US.
CoW Swap users lose estimated $1.2 million after DNS hijacking
Users who visited the website for the CoW Swap DEX aggregator on April 14 were unknowingly redirected to a malicious website that drained their crypto wallets. An attacker was able to socially engineer CoW Swap's domain registrar, allowing them to redirect visitors to a malicious site for a period of several hours. CoW Swap has estimated that people who used the service during that time lost around $1.2 million.
- "POST MORTEM: Cow.fi Domain Hijack", CoW DAO