Hackers on a Budget: DeFi Only Donated $169M to Cybercriminals in Q1

DeFi protocols collectively donated $168.6 million to hackers in the first quarter of 2026, according to fresh data from DefiLlama. That's 34 protocols handing over their lunch money to bad actors over three months. At this rate, the industry might actually qualify for a loyalty program.

The quarter's biggest heist? Step Finance lost $40 million in January via a private key compromise—because apparently securing your keys is still optional for some. Truebit came in second with a $26.4 million smart contract manipulation on Jan. 8, followed by stablecoin issuer Resolv Labs, which dropped an undisclosed sum on March 21 from, you guessed it, another private key incident. If private keys were a stock, you'd think they'd be shorting it by now.

For context, Q1 2026 looks almost quaint compared to the same period last year, when the industry hemorrhaged $1.58 billion—mostly thanks to that $1.4 billion Bybit exploit. So congratulations, DeFi: you're technically improving at not getting robbed. But before we pop champagne, experts warn that hackers don't follow quarterly calendars. Apparently neither do they follow basic cybersecurity hygiene, but who's counting?

"Cybercriminal activity tends to rise around market and event-driven cycles," Nick Percoco, CSO at Kraken, told Cointelegraph. "Bull markets, major product launches and fast-moving growth phases create more attractive conditions for attackers because