April 05, 2026 ChainGPT

Crypto Thieves Follow the Money — $168M Stolen From 34 DeFi Protocols in Q1 2026

Crypto thieves don’t follow a calendar — they follow the money. That was the blunt takeaway from Kraken’s chief security officer, Nick Percoco, who told reporters that hacking activity in crypto spikes not because of seasons but because value concentrates: during bull runs, major product launches and periods of rapid growth. “Vulnerabilities can be exploited in any market environment,” Percoco warned, urging the industry to treat security as continuous work, not a seasonal task.

New data backs up the point. DefiLlama reports that hackers siphoned $168 million from 34 DeFi protocols in Q1 2026 (January–March). That’s a sharp drop from the $1.58 billion recorded in the same quarter of 2025 — but that prior total was heavily distorted by one gigantic incident: the $1.4 billion Bybit breach, which accounted for nearly all of Q1 2025’s losses. Remove that outlier and the year-over-year shift looks less dramatic.

Still, Q1 2026 wasn’t free of high-profile thefts. January was the hardest month: portfolio manager Step Finance lost $40 million after attackers compromised private keys, and days later (Jan. 8) decentralized protocol Truebit was drained of $26.4 million in ether via smart contract manipulation. In late March, stablecoin issuer Resolv Labs was hit in another private key compromise — the same operational failure that felled Step Finance.

Those two failure modes — private key compromises and code exploits — keep recurring. Private key failures are typically human or operational errors (lost or leaked credentials, exposed signing keys); smart contract exploits are coding or protocol-design vulnerabilities that attackers can manipulate. Both types remain unresolved risks across the ecosystem.

Percoco painted a broad threat landscape: highly coordinated criminal groups, organized networks and opportunistic individuals scanning for weak spots in smart contracts and user-facing systems.
State-linked actors have also been implicated in major heists; suspected North Korea-affiliated groups were tied to a private key leak that cost decentralized exchange Drift Protocol an estimated $285 million. The takeaway for builders and users: attackers move to where value accumulates, not according to a timetable. Security efforts must be perpetual and multi-layered if the industry hopes to reduce the recurring toll of losses.