April 2025 Crypto Hacks Hit $92.5M as Ethereum and Base Face Growing Threats

April recorded the largest crypto losses since the beginning of the year. According to blockchain security firm Immunefi, over the past 30 days, the industry saw:

• 15 attacks targeting DeFi projects
• $92.5 million stolen

That figure is up 27.3% from April 2024 and more than double the $41.4 million lost in March. 

Two incidents accounted for most of the damage: 

1. Payment platform UPCX, hit for $70 million
2. Decentralized exchange KiloEx, which lost $7.5 million

Losses from crypto hacks have reached $1.74 billion since the start of 2025, exceeding the $1.49 billion total recorded for all of last year. 

• None of the April incidents targeted centralized platforms. 
• Every attack hit DeFi protocols, once again highlighting the sector’s structural vulnerabilities.
• The most targeted networks were Ethereum and BNB Chain, which accounted for 60% of all incidents. 
• Three separate exploits occurred within the Base ecosystem, a relatively new L2 network developed by Coinbase. 

The pattern reflects a broader trend: threat actors are rapidly adapting to new platforms, probing them for weaknesses as soon as they gain traction.

Read more: Coinbase’s Base Blockchain Review

Ethereum, BNB Chain Most Targeted in April

Hackers once again focused their efforts on Ethereum and BNB Chain. 

• According to Immunefi, Ethereum experienced five attacks in April, representing one-third of all recorded incidents.
• Chain followed with four breaches, or 26.7% of the total.

These two networks remain the most liquid and widely adopted across DeFi, making them the top targets for Web3 attackers.

The reason is clear: large ecosystems with high asset volumes and numerous projects inevitably draw more attention from malicious actors. The greater the capital concentration, the higher the attack potential. 

For developers and auditors, the takeaway is clear: blockchain maturity doesn’t guarantee security. Even battle-tested platforms require continuous, in-depth security efforts.

CeFi Escapes April Hacks—Structural Strength or Temporary Reprieve?

Centralized platforms were not affected by any of the 15 crypto-related attacks reported in April 2025. All incidents exclusively targeted DeFi protocols, leaving the CeFi sector unscathed.

At first glance, this might suggest that centralized platforms offer stronger security. CeFi benefits from several structural advantages, including:

• Closed infrastructure
• Real-time oversight
• Vertically integrated security protocols 

However, that perception of stability can be deceptive. The most damaging breach of the year (a $1.46 billion hack targeting Bybit) occurred in the CeFi sector during the first quarter.

April’s lull appears to be an outlier rather than a trend. The cyclical nature of attacks and constantly evolving threat vectors leave little room for complacency. CeFi hasn’t become safer, it simply wasn’t in the crosshairs this time.

Related: ZachXBT Just Tracked the Bybit Hack Funds—Who’s Really Behind It?

Base as a New Target for Attackers

One of April’s more unexpected developments was the number of attacks on Base, Coinbase’s L2 network. The platform suffered three incidents in a single month, accounting for 20% of all reported breaches across the market.

The trend underscores a structural vulnerability in the space: security often trails behind growth. As new blockchains rush to scale, accelerate integrations, and launch publicly, they become increasingly attractive targets. 

Base is unlikely to be an outlier. The faster a platform gains momentum, the more likely its first real-world stress tests will come from hackers, not users.