Cointelegraph
ETH$2,326 1.26%ADA$0.2537 1.68%BNB$628.31 0.54%XLM$0.1655 3.14%HYPE$43.81 3.95%XRP$1.43 1.69%XMR$345.29 0.38%SOL$87.85 2.82%LINK$9.38 0.99%TRX$0.3259 0.03%DOGE$0.09726 1.00%BCH$449.24 1.41%BTC$74,786 0.30%
Martin Young
Written by Martin Young,Staff Writer
Felix Ng
Reviewed by Felix Ng,Staff Editor

At least a dozen crypto entities attacked since Drift Protocol hack

Rhea Finance and the Russia-linked Grinex exchange were hacked for a combined $21 million over the past two days.

At least a dozen crypto entities attacked since Drift Protocol hack
News

Cointelegraph in your social feed

Follow our Subscribe on

At least 12 DeFi protocols and crypto businesses have been attacked in just over two weeks since the $280 million Drift Protocol exploit on April 1.

Attacks aimed at crypto protocols or companies since the start of April include CoW Swap, Hyperbridge, Bybit, Dango, Silo Finance, BSC TMM, Aethir, MONA, Zerion and, most recently, Rhea Finance and the Grinex exchange. 

The Drift Protocol was hit with one of the largest exploits this year on April 1, losing around $280 million in a long-running social engineering attack suspected to involve North Korean-affiliated actors.

The attacks also come amid growing concerns this month that advancing AI models, such as Anthropic’s Claude Mythos and equivalent models, could eventually make it even easier for cyberattackers in the future.

Rhea Finance exploited for $7.6 million

DeFi protocol Rhea Finance reported on Thursday that an attacker “leveraged a vulnerability in Rhea’s Margin Trading feature to execute a coordinated pool manipulation attack,” impacting the Rhea Lend smart contract. 

Hackers, Hacks, DeFi
Rhea Finance updates its users on the exploit. Source: Rhea Finance

Around $7.6 million was extracted, according to blockchain security firm CertiK. 

“The attacker created fake token contracts and added liquidity in fresh pools, likely misleading the oracle and validation layer,” it explained. 

Meanwhile, the Russia-linked Grinex exchange suspended operations after a $13.7 million hack on Thursday, blaming “unfriendly states” for the incursion. 

Related: Stablecoin issuer Circle faces lawsuit over $280M Drift Protocol hack

Another attack this month was aimed at the Binance Smart Chain TMM/USDT liquidity pool, which suffered a reserve manipulation attack, resulting in the loss of around $1.67 million in early April, R3ACH Network analyst Jussy said on Thursday. 

It followed just days after bridge aggregator Dango lost $410,000 from a smart contract bug on April 13.

In the same month, lending protocol Silo Finance lost $392,000 on April 3 from a misconfigured oracle exploit and decentralized GPU cloud computing platform Aethir lost $423,000 in an access control exploit on April 9. 

DPRK ups AI social engineering attacks

The Drift Protocol and Zerion wallet exploits were two examples of Democratic People’s Republic of Korea-affiliated groups using AI and social engineering to infiltrate crypto companies to steal credentials and funds. 

Malicious actors pilfered over $168.6 million in cryptocurrency from 34 DeFi protocols in the first quarter of 2026, according to data from DefiLlama.

Magazine: Forget stablecoin yield, how does the CLARITY Act treat DeFi?

Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently. Read our Editorial Policy https://cointelegraph.com/editorial-policy