Letter 111: I'm Pulling All My Money Out of DeFi
April 2026 was the most hacked month in crypto history by number of incidents. There was roughly $651 million stolen across roughly 40 separate exploits; more than one incident every day. If you have funds anywhere onchain, this is an important letter to read. I'm not doing this to scare you (actually, maybe I am, but with good intentions). I'm doing it primarily because I think the patterns behind these hacks are going to keep getting worse before they get better, and it's the time to be proactive about protecting your funds.

While there were over 40 attacks in April, two attacks did almost all the damage, and both were linked to North Korea's Lazarus Group. Let's take a look at both of them, and then a brief look at the rest.

Drift was the largest perpetuals exchange on Solana with around $550 million in TVL. On April 1, attackers drained $285 million in 12 minutes, wiping out more than half the protocol's TVL.

The setup started in October 2025 at a major crypto conference. The attackers posed as a quantitative trading firm and spent six months building relationships with Drift contributors. They had legit, professional-looking backgrounds. They even deposited over $1 million of their own funds to make everything seem normal and above board. Once they had gained the team's trust through social engineering, they used a Solana feature called durable nonces to get Drift Security Council members to unknowingly pre-sign transactions. Durable nonces let you sign a transaction now and execute it later; you can think of it kinda like signing a blank check.

On April 1, the attackers executed those pre-signed transactions. Two transactions, one second apart, transferred admin control. They whitelisted a fake token, deposited 500 million units of it as collateral, and withdrew $285 million in real assets. The DRIFT token dropped 42% within hours and SOL fell 5.5% on the day.

KelpDAO is a liquid restaking protocol on Ethereum.
They issue rsETH, which represents staked ETH and circulates across more than 20 chains via LayerZero's bridge. On April 18, attackers minted 116,500 unbacked rsETH worth around $292 million. Roughly 18% of the entire rsETH supply, created out of thin air.

The attack exploited KelpDAO's configuration of LayerZero. When you bridge a token across chains using LayerZero, the protocol uses something called a Decentralized Verifier Network, or DVN. The DVN's job is to watch the source chain, see that you burned tokens on one side, and tell the destination chain to release tokens on the other side. LayerZero's documentation says you should configure your bridge with at least two independent DVNs so neither one alone can authorize a release. Two sets of eyes, basically.

KelpDAO didn't do that. They configured their bridge with a 1-of-1 DVN setup. A single verifier with full authority over a $392 million escrow. LayerZero had explicitly recommended multi-DVN in their integration checklist. KelpDAO went with the default and never changed it for some reason (hubris, probably). The attackers were able to manipulate this DVN by attacking the RPC nodes, essentially allowing them to generate 116,500 rsETH out of thin air. They then did what every modern hack playbook describes: they deposited it as collateral on Aave and borrowed real ETH against it.

The fallout was arguably worse than the loss itself. Aave saw $8.4 billion in deposit outflows in 48 hours. Total DeFi TVL dropped by more than $13 billion across the board. Lending platforms like Morpho, Spark, Lido and Beefy froze certain operations. The AAVE token fell 17% and ZRO fell 12%. Trust in DeFi was and is at an all-time low.

Drift and KelpDAO got the major headlines but they weren't alone.
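The durable-nonce "blank check" in the Drift story is detectable before anyone signs: a nonce-based Solana transaction has to begin with a System Program AdvanceNonceAccount instruction, so a signer-side tool can parse the message and refuse (or at least loudly flag) anything that starts that way. The parser below is an added example, not Drift's or Solana's own code; the account keys and the two sample messages are constructed for the demonstration.

```python
# Added example, not Drift's or Solana's code. Flags a Solana legacy message built on
# a durable nonce: the runtime treats a tx as nonce-based when its FIRST instruction
# is System Program AdvanceNonceAccount (u32 LE 4). Keys and messages are constructed.
import struct
SYSTEM_PROGRAM = bytes(32)            # base58 "1111...1111"
ADVANCE_NONCE = struct.pack("<I", 4)  # SystemInstruction::AdvanceNonceAccount

def read_compact_u16(buf, pos):  # Solana shortvec length prefix -> (value, next_pos)
    value = shift = 0
    while True:
        b, pos = buf[pos], pos + 1
        value |= (b & 0x7F) << shift
        if not b & 0x80:
            return value, pos
        shift += 7

def parse_message(msg):  # legacy layout: 3-byte header, keys, blockhash, instructions
    n_keys, pos = read_compact_u16(msg, 3)
    keys = [msg[pos + 32 * i:pos + 32 * (i + 1)] for i in range(n_keys)]
    pos += 32 * n_keys
    blockhash, pos = msg[pos:pos + 32], pos + 32  # holds the nonce value if nonce-based
    n_ix, pos = read_compact_u16(msg, pos)
    ixs = []
    for _ in range(n_ix):
        prog_idx, pos = msg[pos], pos + 1
        n_acc, pos = read_compact_u16(msg, pos)
        accs, pos = list(msg[pos:pos + n_acc]), pos + n_acc
        dlen, pos = read_compact_u16(msg, pos)
        data, pos = msg[pos:pos + dlen], pos + dlen
        ixs.append((keys[prog_idx], accs, data))
    return keys, blockhash, ixs

def durable_nonce_account(msg):
    """Return the nonce account key if msg is nonce-based, else None."""
    keys, _, ixs = parse_message(msg)
    if ixs:
        prog, accs, data = ixs[0]  # accounts: [nonce, blockhashes sysvar, authority]
        if prog == SYSTEM_PROGRAM and data == ADVANCE_NONCE and len(accs) >= 3:
            return keys[accs[0]]
    return None

def build_message(keys, blockhash, ixs):  # serializer; every count here is < 128
    out = bytearray(b"\x01\x00\x02") + bytes([len(keys)]) + b"".join(keys) + blockhash
    out += bytes([len(ixs)])
    for prog_idx, accs, data in ixs:
        out += bytes([prog_idx, len(accs)]) + bytes(accs) + bytes([len(data)]) + data
    return bytes(out)
# Constructed keys: [signer, nonce account, blockhashes sysvar, system program].
KEYS = [b"\x01" * 32, b"\x02" * 32, b"\x03" * 32, SYSTEM_PROGRAM]
TRANSFER = struct.pack("<IQ", 2, 1_000_000)  # SystemInstruction::Transfer, 0.001 SOL
NONCE_TX = build_message(KEYS, b"\xaa" * 32, [(3, [1, 2, 0], ADVANCE_NONCE), (3, [0, 1], TRANSFER)])
PLAIN_TX = build_message(KEYS, b"\xbb" * 32, [(3, [0, 1], TRANSFER)])
```

A nonce-based message is valid until that nonce account advances, so a non-None result is the signal to stop and ask why a council member is being asked to sign something that can be replayed later.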
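The 1-of-1 DVN setup is a configuration choice, and configuration can be linted. The checker below is an added example, not KelpDAO's or LayerZero's code; it assumes a dict shaped like LayerZero V2's UlnConfig (requiredDVNs, optionalDVNs, optionalDVNThreshold) and uses constructed placeholder addresses, putting the weak shape beside the hardened one.

```python
# Added example, not KelpDAO's or LayerZero's code. A LayerZero V2 message is
# verified only when every required DVN and at least optionalDVNThreshold of the
# optional DVNs attest, so the number of independent verifiers an attacker must
# control is len(requiredDVNs) + optionalDVNThreshold.

def min_verifiers(cfg):
    """Distinct DVN attestations needed before the destination chain releases."""
    return len(cfg["requiredDVNs"]) + cfg["optionalDVNThreshold"]

def lint_uln_config(cfg):
    """Return findings for a UlnConfig-shaped dict; empty means a 2-of-N floor is met."""
    req, opt, thr = cfg["requiredDVNs"], cfg["optionalDVNs"], cfg["optionalDVNThreshold"]
    findings = []
    if thr > len(opt):
        findings.append(f"optionalDVNThreshold {thr} exceeds {len(opt)} optional DVNs")
    if len(set(req) | set(opt)) < len(req) + len(opt):
        findings.append("duplicate DVN address: repeated entries are not independent")
    if min_verifiers(cfg) < 2:
        findings.append(f"single verifier can release: {min_verifiers(cfg)}-of-{len(req) + len(opt)} quorum")
    return findings

# Constructed placeholder addresses, not real DVN operators.
DVN_A, DVN_B, DVN_C = "0xaaaa-placeholder", "0xbbbb-placeholder", "0xcccc-placeholder"

# Weak: one required DVN and no optional set, the 1-of-1 shape described above.
WEAK = {"requiredDVNs": [DVN_A], "optionalDVNs": [], "optionalDVNThreshold": 0}
# Hardened: two independent required DVNs; neither alone can authorize a release.
HARDENED = {"requiredDVNs": [DVN_A, DVN_B], "optionalDVNs": [], "optionalDVNThreshold": 0}
# Looks like 2-of-2 on paper, but both slots name the same operator.
DUPLICATE = {"requiredDVNs": [DVN_A, DVN_A], "optionalDVNs": [], "optionalDVNThreshold": 0}
# One required plus 1-of-2 optional: three operators, a forged release needs two of them.
MIXED = {"requiredDVNs": [DVN_A], "optionalDVNs": [DVN_B, DVN_C], "optionalDVNThreshold": 1}
```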
Around 40 (yes FORTY, wtf) separate incidents hit the industry across the month.

If we rewind a few months, all the hack postmortems on X had people saying the same thing: that the main cause of hacks wasn't bug exploits but rather social engineering. People problems. And that's certainly still an enormous part of things, especially for the larger hacks, and even the majority of hacks so far this year. Most protocols have gotten pretty good at auditing their contracts, at double- and triple- and quadruple-checking that they have no exploits, and at feeling relatively safe in the comfort of their code. But I think the narrative is starting to shift once again back to one where smart contracts are absolutely still a problem. And they're about to be a much, much bigger problem.

On April 7, Anthropic announced a new model called Claude Mythos Preview. They didn't release it to the public, and didn't even discuss releasing it to the public anytime soon. They didn't release it because of how powerful it is. To quote Anthropic directly, Mythos can find and exploit software vulnerabilities at a level that “can surpass all but the most skilled humans.” Over a few weeks of testing, they used it to find thousands of zero-day vulnerabilities in every major operating system and every major web browser. Some of the bugs it found were 27 years old. They had been sitting there since the late 1990s, missed by every human security researcher who ever looked at the code, and Mythos found them in days.

It also did things that supposedly freaked out the Anthropic team. In one test, it chained four separate vulnerabilities together and broke out of its own secure sandbox, gained internet access, and emailed the researcher running the experiment (who, incidentally, was sitting on a park bench eating a sandwich at the time lol).

So instead of releasing it publicly, Anthropic launched something called Project Glasswing.
They gave Mythos to a small group of partners, basically the biggest names in tech: AWS, Apple, Microsoft, Google, Nvidia, JPMorgan, Cisco, Palo Alto Networks, CrowdStrike, Broadcom, the Linux Foundation, and more. About 50 organizations total. The goal is to use Mythos to find and patch vulnerabilities in critical software before equivalent capabilities show up in the hands of attackers, with Anthropic committing $100 million in usage credits to make this happen.

Mythos is the canary in the coal mine. Anthropic has been pretty open about why they're doing Project Glasswing instead of releasing the model. Their thesis is that this kind of capability is going to exist in the wild within six to eighteen months whether they release Mythos or not. OpenAI is reportedly working on something similar, and the UK AI Safety Institute already evaluated GPT-5.5 and concluded it has reached similar offensive cyber capabilities on their narrow tasks. Open-weight / local models are getting better fast too. Defenders need a head start. That's the whole point of Glasswing.

AWS and Microsoft and Apple are in Project Glasswing. The Linux Foundation is in it. You know who's not in Project Glasswing? Every DeFi protocol you use.

So when Mythos-class capabilities leak out into the wild (and they will, whether through open source models catching up, model weight theft, or jailbroken closed source models), the first wave of targets is going to be exactly the systems with the most value sitting on them and the least defensive resourcing. Aka, all of crypto. Smart contracts are open source by design, meaning anyone can read them, anyone can fork them, and anyone can run an AI model over them looking for bugs. The same model that found a 27-year-old vulnerability is going to find plenty of five-year-old DeFi contracts just waiting to be exploited. What happens when finding a critical vulnerability in a DeFi protocol drops from a six-month operation to a six-hour operation?
It's not rocket science: you get a lot more hacks. The subtle silver lining is that the same AI tools that find bugs can fix them. Auditing firms are already using current frontier models to assist their work, and if you're a protocol team, you can (and should) run these tools over your own code right now too. But the transition is going to take time and be bumpy. The next 12…