Crypto's Biggest Security Problem Isn't the Code Anymore
DefiLlama data shows $17 billion stolen across 518 incidents in a decade, and more than half of the losses came from stolen keys or phished humans. The…
Crypto cybersecurity is no longer a side topic. It sits at the center of the biggest stories in the industry, from $285M smart contract exploits to state-sponsored DeFi infiltration traced back to North Korean operatives embedded in protocols since 2020. The threat surface keeps widening. Phishing campaigns target wallet owners with increasingly convincing fakes, exploit teams hunt zero-day vulnerabilities in audited contracts, social engineering attacks compromise key personnel at major protocols, and laundering routes flow through cross-chain bridges, mixers, and OTC desks faster than law enforcement can trace them. The defenders are evolving too. Audit firms add formal verification, protocols ship circuit breakers, stablecoin issuers debate when and how to freeze stolen funds, and chains like Arbitrum experiment with reaching directly into hacker wallets. Each case sets a precedent. Coinliva tracks the actual incidents and the response that follows: the post-mortems, the on-chain forensics from Chainalysis, TRM Labs, and Elliptic, the recovery efforts coordinated across protocols, the legal actions like the class action against Circle over Drift, and the security firms doing the analysis nobody else publishes. Real numbers, named protocols, traced wallets. Where crypto security actually stands, not where the marketing claims it does.
North Korea's TraderTraitor subgroup hit Drift on April 1 and KelpDAO on April 18. One attack used a fake quant firm. The other poisoned bridge infrastructure. Different tactics, same wallet.
A single exploit on April 19 triggered one of the fastest liquidity withdrawals the sector has ever seen, and the damage is still moving through the system.
The attacker moved nearly all stolen ETH into Bitcoin in roughly a day and a half, while Arbitrum scrambled to freeze a smaller portion of the funds on its own network.
The attacker funded the node through Monero and Hyperliquid weeks before the theft. Chainalysis mapped the entire trail. THORChain paused all trading.
A compromised private key let an attacker automate withdrawals from Polymarket's UMA CTF Adapter on Polygon. ZachXBT flagged it first. Losses passed $700,000 before the team responded. Polymarket says user funds are safe. The attacker has already split the proceeds across 15 wallets.
A researcher says over 40 DeFi platforms have employed DPRK state-linked developers. Their seven years of blockchain experience is, as she notes, not a lie. The Drift Protocol exploit was not a code bug. It was a six-month intelligence operation conducted by a North Korean state-affiliated group that attended conferences, deposited real capital, and waited.
StablR's EURR and USDR lost their pegs on Sunday after an attacker compromised a single private key in a 1-of-3 multisig, minted 8.35 million unbacked USDR and 4.5 million EURR, and dumped them for 1,115 ETH. The stablecoin issuer holds a Malta EMI license and operates under MiCA. Regulation did not stop a key management failure.
North Korean group UNC4736 stole $270 million from Drift Protocol on April 1, converting part of it into USDC via Circle's own bridge. Circle's formal response clarifies when and why it can freeze assets — and calls for legislative action.
Investors allege Circle let $230 million in stolen USDC cross from Solana to Ethereum without intervention. The lawsuit lands as Tether steps in with a $127.5 million recovery package.
The $150 million recovery plan will fund user reimbursements as Drift relaunches with USDt as its settlement asset. Circle faced heavy criticism for not freezing $232 million in USDC that the North Korea-linked attacker moved through its own bridge.
A 9-of-12 council vote moved 30,766 ETH tied to the KelpDAO exploit into a frozen wallet. It recovered funds, and it forced an uncomfortable question about what decentralization actually means on Layer 2.