Crypto News: Hackers Stole $169M in Crypto from DeFi Protocols in Q1

Key Insights:

• As per the latest crypto news, hackers stole about $168.6M from 34 DeFi protocols in Q1 2026.
• The largest hack was a $40M private key compromise of Step Finance in January.
• Other major exploits included $26.4M stolen from Truebit and a private key attack on Resolv Labs.

Attacks tend to rise during bull markets and periods of high liquidity. Threats range from organized groups to opportunistic hackers. Recent crypto news indicates that DeFi protocol hackers stole roughly $169 million in crypto in Q1 2026. The largest hack was against Step Finance, which lost $40 million in a private key breach.

Crypto News: Hackers Stole $169M from DeFi Protocols in the Last 90-days

According to crypto news data from DeFiLlama, hackers stole $168.6 million worth of crypto from 34 decentralized finance protocols and decentralized applications in the first quarter of 2026. The total amount is significantly lower than last year’s first quarter. There were $1.58 billion in total losses. However, the bulk of the losses in 2025 came from Bybit’s $1.4 billion exploit.

The largest DeFi protocol exploit in Q1 2026 was Step Finance. This exploit occurred in January, when hackers made off with $40 million after exploiting a private key compromise.

The second-largest hack occurred on January 8, when a smart contract was manipulated. It enabled criminals to siphon $26.5 million worth of Ether from Truebit. Meanwhile, crypto hackers went on to drain Resolv Labs on March 21. It became the largest decentralized Finance (DeFi) hack in the first quarter.

Crypto Hackers Steal Aggressively During Bull Markets

Even though crypto hacks are not connected to any specific periods of the year, historical data indicate that crypto scams and hacks tend to increase during bull market cycles. Additionally, criminals tend to target protocols and platforms with high liquidity concentration. As such, an attack vector will tend to follow where the liquidity is quickly accumulating.

This could occur during a bull market, after a major product launch, or during an aggressive growth phase for a protocol. All these situations tend to create suitable conditions for attackers. Sometimes, they also believe new infrastructure is not sufficiently secure to prevent exploits.

Essentially, this does not mean that attacks will be confined to the three periods mentioned above. An exploit or a vulnerability could occur during any market environment. This makes it paramount for security teams to continuously strengthen protocols and prevent threat actors.

Crypto News: Hackers’ Attacks are Evolving Every Day

Recent crypto news indicates the cryptocurrency community has faced persistent threats and attacks from hackers linked to North Korea. Most hacks targeting crypto and Web3-native platforms are carried out by hackers affiliated with the country. That includes the recent exploit that saw Drift Protocol lose approximately $285 million.

However, it is worth noting that crypto-related cybercrime has evolved into more complex, highly organized groups that work in coordination to exploit core infrastructure. These criminals are also organized into networks that constantly scan smart contracts and client-facing protocols for security loopholes.

As such, it is an understatement to assume that attacks are usually random. According to experts, these attacks are essentially deliberate and planned to target access controls, sometimes even human behavior and infrastructure code.

Also, the open-source, decentralized, and transparent nature of DeFi protocols makes it easier for threat actors to spot security vulnerabilities. A suitable target is usually a platform that combines deep liquidity concentrations, technical complexity, and operational gaps in security.