Cryptocurrency hackers stole over $168.6 million in cryptocurrencies from 34 decentralized finance (DeFi) protocols in the first quarter of 2026, a significant decline compared to the same period last year, according to DefiLlama data.
January’s $40 million Step Finance private key breach was the biggest exploit of the quarter, data shows can be seenfollowed by astute contract manipulation that deprived Truebit of $26.4 million in ether (ETH) on January 8. The third largest was a private key compromise targeting stablecoin issuer Resolv Labs that occurred on March 21.
The quarterly number is low considering $1.58 billion was stolen across the industry in the first quarter of 2025, most of which came from the $1.4 billion Bybit exploit. Experts warn, however, that cryptocurrency hacks are not associated with specific periods of the year.
Hackers are more energetic when the industry is booming
Nick Percoco, chief security officer at cryptocurrency exchange Kraken, told Cointelegraph that cybercriminal activity in cryptocurrencies tends to raise in market and event-based cycles rather than fixed periods.
According to Percoco, threat actors are also attracted to areas where liquidity is concentrated, which means attack peaks often occur where value accumulates most rapidly.
“Business growth, major product launches and rapid growth phases all create more attractive conditions for attackers because there is more value at stake and new infrastructure can introduce risk,” he said.
“That said, attacks are not limited to these periods. Vulnerabilities can be exploited in any market environment, especially in complex or rapidly evolving systems, underscoring that cryptocurrency security must be continuous.”
Cryptocurrency attackers are a ‘broad and evolving mix’
Entities linked to North Korea pose a constant threat to both cryptocurrency investors and companies using the Internet.
Hackers affiliated with the organization are suspected of multiple attacks, including Wednesday’s attack on Drift Protocol, a decentralized cryptocurrency exchange that lost an estimated $285 million following a private key leak.
Related: Immunefi’s report shows that the number of hacked crypto tokens drops by an average of 61% and they are rarely recovered
Percoco said the threat landscape is a mix of actors of varying sophistication, highly coordinated groups attacking core infrastructure, organized cybercriminal networks and opportunistic hackers scanning for vulnerabilities in astute contracts and customer-facing systems.
“It’s a broad and evolving mix, but ultimately they’re aiming for the same goal: global, liquid and accessible value. Targeting is rarely purely accidental. In many cases, attackers deliberately assess infrastructure, code, access control and even human behavior,” he said.
“At the same time, cryptocurrency’s transparency makes it easier for opportunistic actors to spot emerging vulnerabilities. The most attractive targets tend to be those that combine high value concentration, technical complexity, and operational security vulnerabilities.”
Security experts previously told Cointelegraph that 2026 will likely see an raise in sophisticated credential theft, social engineering and artificial intelligence attacks.
Warehouse: Fully 21 Million Bitcoins Are at Risk from Quantum Computers
