April 2025 had fewer major hacks than the previous month, with only four incidents carrying price tags above $1 million. However, these incidents had a larger aggregate cost, totaling over $81 million, compared to March’s $44.4 million.
Biggest DeFi Hacks of April 2025
In April 2025, four DeFi protocols were the targets of hacks with values exceeding $1 million, including the following:
UPCX: UPCX, an open-source platform for crypto payments, suffered a $70 million hack in April 2025. The root cause of this incident was a compromised account that allowed the attacker to perform a malicious smart contract upgrade and drain tokens from several of the project’s management accounts.
KiloEx: The April 2025 hack of KiloEx exploited access control and input sanitization vulnerabilities in the project’s price oracles. The attacker crafted a transaction that performed a chain of function calls that ended in setting the price for a particular token. They set the price artificially low, created a long position, then artificially raised the token’s value to steal an estimated $7.5 million from the project.
ZKsync: The ZKsync hack was made possible by a compromised administrator account. The attacker used the account’s access to privileged functions within ZKsync smart contracts to mint 111 million unclaimed airdrop tokens worth $5 million.
Loopscale: In April 2025, Loopscale suffered a $5.8 million hack due to a flaw in how it calculated the value of RateX PT tokens. The attacker exploited this vulnerability via undercollateralized loans to drain value from the protocol before returning it under a bounty agreement.
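The KiloEx incident above turned on a price-setting path that lacked both a caller check and any bound on the value being set. The following added example (written for this post, not code from KiloEx or any project named here) contrasts that weak pattern with a hardened oracle that restricts who may update a price and rejects updates that move it by more than an assumed 5% per call; the contract names, the updater allowlist and the deviation bound are illustrative choices.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Weak pattern: any caller, including a contract at the end of a multi-step
// call chain, can write an arbitrary price, and nothing limits how far it moves.
contract UnguardedOracle {
    mapping(address => uint256) public price; // token => price, 18 decimals

    function setPrice(address token, uint256 newPrice) external {
        price[token] = newPrice;
    }
}

// Hardened pattern: only an allowlisted updater may set prices, every update is
// checked against a maximum deviation from the previous value, and a zero price
// is rejected. The check is on msg.sender, so any trusted contract that forwards
// calls into this oracle must enforce its own access control at its entry point.
contract GuardedOracle {
    address public immutable owner;
    mapping(address => bool) public isUpdater;
    mapping(address => uint256) public price;
    uint256 public constant MAX_DEVIATION_BPS = 500; // 5% per update (assumed bound)

    event PriceUpdated(address indexed token, uint256 oldPrice, uint256 newPrice);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyUpdater() {
        require(isUpdater[msg.sender], "not an updater");
        _;
    }

    function setUpdater(address who, bool allowed) external {
        require(msg.sender == owner, "not owner");
        isUpdater[who] = allowed;
    }

    function setPrice(address token, uint256 newPrice) external onlyUpdater {
        require(newPrice > 0, "zero price");
        uint256 old = price[token];
        if (old != 0) {
            uint256 diff = newPrice > old ? newPrice - old : old - newPrice;
            // diff / old <= MAX_DEVIATION_BPS / 10_000, rearranged to avoid division
            require(diff * 10_000 <= old * MAX_DEVIATION_BPS, "price deviation too large");
        }
        price[token] = newPrice;
        emit PriceUpdated(token, old, newPrice);
    }
}
```

A deviation bound alone does not stop a malicious updater, so the allowlist and the bound are meant to work together; the bound limits the damage a single bad update can do, while the allowlist limits who can make one.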
Lessons Learned from the Attacks
The root causes of the biggest DeFi hacks of April 2025 were a mix of on-chain and off-chain issues. The KiloEx and Loopscale hacks were made possible by smart contract errors, either in access management or price oracle calculation. The root causes of the UPCX and ZKsync incidents, on the other hand, were likely compromised private keys that granted the attacker privileged access to sensitive smart contract functionality.
This mix of incidents demonstrates the importance of comprehensive security programs for DeFi projects. While the KiloEx and Loopscale incidents may have been preventable by smart contract audits, the UPCX and ZKsync ones were not. Managing these risks requires strong operational security controls alongside private key management best practices.
DeFi hackers use a variety of methods to exploit and drain value from projects. For help with building a comprehensive security program to protect against leading DeFi security threats, reach out to Halborn.