At least 12 DeFi protocols and crypto businesses have been attacked in just over two weeks since the $280 million Drift Protocol exploit on April 1.
Attacks aimed at crypto protocols or companies since the start of April include CoW Swap, Hyperbridge, Bybit, Dango, Silo Finance, BSC TMM, Aethir, MONA, Zerion and, most recently, Rhea Finance and the Grinex exchange.
The Drift Protocol was hit with one of the largest exploits this year on April 1, losing around $280 million in a long-running social engineering attack suspected to involve North Korean-affiliated actors.
The attacks also come amid growing concerns this month that advancing AI models, such as Anthropic’s Claude Mythos and equivalent models, could eventually make it even easier for cyberattackers in the future.
Rhea Finance exploited for $7.6 million
DeFi protocol Rhea Finance reported on Thursday that an attacker “leveraged a vulnerability in Rhea’s Margin Trading feature to execute a coordinated pool manipulation attack,” impacting the Rhea Lend smart contract.
Around $7.6 million was extracted, according to blockchain security firm CertiK.
“The attacker created fake token contracts and added liquidity in fresh pools, likely misleading the oracle and validation layer,” it explained.
Meanwhile, the Russia-linked Grinex exchange suspended operations after a $13.7 million hack on Thursday, blaming “unfriendly states” for the incursion.
Related: Stablecoin issuer Circle faces lawsuit over $280M Drift Protocol hack
Another attack this month was aimed at the Binance Smart Chain TMM/USDT liquidity pool, which suffered a reserve manipulation attack, resulting in the loss of around $1.67 million in early April, R3ACH Network analyst Jussy said on Thursday.
It followed just days after bridge aggregator Dango lost $410,000 from a smart contract bug on April 13.
In the same month, lending protocol Silo Finance lost $392,000 on April 3 from a misconfigured oracle exploit and decentralized GPU cloud computing platform Aethir lost $423,000 in an access control exploit on April 9.
DPRK ups AI social engineering attacks
The Drift Protocol and Zerion wallet exploits were two examples of Democratic People’s Republic of Korea-affiliated groups using AI and social engineering to infiltrate crypto companies to steal credentials and funds.
Malicious actors pilfered over $168.6 million in cryptocurrency from 34 DeFi protocols in the first quarter of 2026, according to data from DefiLlama.
Magazine: Forget stablecoin yield, how does the CLARITY Act treat DeFi?