April 2025 will go down in history as a significant month for the crypto industry, with blockchain security firm CertiK revealing that a staggering $364 million was lost to scams, hacks, and phishing attacks. This figure represents a massive 1,163% increase from the previous month, highlighting the growing threat landscape facing the crypto community.
The primary driver behind this surge in losses was a single devastating event in which 3,520 Bitcoins, valued at $330.7 million, were stolen from an elderly U.S. citizen. This incident marked the fifth-largest crypto hack ever recorded and significantly skewed the total losses for the month.
Even without this massive theft, April still saw significant losses totaling $34 million, a 21% increase from March. The most damaging threats came in the form of phishing attacks, social engineering tactics, access control exploits, and price manipulation schemes.
Phishing attacks were responsible for the majority of April’s losses, totaling approximately $337 million. The standout case involved the theft from the elderly U.S. investor, where the attacker used sophisticated social engineering tactics to deceive the victim and gain access to their Bitcoin wallet. This event underscores a new wave of cybercrime focused on exploiting human behavior rather than traditional code vulnerabilities.
Social engineering tactics have become increasingly effective for crypto criminals, as they manipulate individuals into divulging confidential information through deceptive means. These attacks often appear legitimate, making them challenging to detect even for experienced investors.
In addition to CertiK’s findings, blockchain security firm Immunefi reported $92 million in losses across 15 incidents in April, all of which targeted decentralized finance (DeFi) platforms. Centralized exchanges, on the other hand, reported no security incidents during the month.
The largest attack cited by Immunefi occurred on the UPCX platform, resulting in over $70 million in damages, followed by the $7.5 million KiloEx exploit. Despite the grim numbers, there was a silver lining in April, as some of the stolen funds were recovered thanks to the efforts of white-hat hackers and cooperative exploiters.
Approximately $18.2 million was returned, with ethical hackers playing a crucial role in helping platforms like KiloEx, zkSync, and Loopscale recover their losses. KiloEx, for instance, had the stolen funds returned in full just four days after the exploit, showcasing the positive impact of white-hat intervention.
While the spike in April’s losses may be alarming, it is part of a larger trend of increasing cyber threats in the crypto industry. State-backed threats, in particular, pose a significant long-term risk, as hackers have already stolen more in 2025 than they did in all of 2024.
As investors navigate this challenging landscape, it is crucial to remain vigilant and educated on best practices to stay secure at all times. The $364 million lost in April serves as a stark reminder of the importance of cybersecurity in the crypto space, urging stakeholders to prioritize security measures to protect their assets.