
Drift, Hyperbridge, and Kelp DAO lost a combined $578 million in a single month. The transactions that caused those losses passed every conventional security check at the moment of execution.
The DeFi industry has spent three years building stronger signers, better audits, and more rigorous key management. In the first four months of 2026, three of the largest onchain exploits in recent history went through all of it without friction.
Drift Protocol lost $285 million. Hyperbridge lost $237,000 in realized value with $1.2 billion in nominal token supply minted. Kelp DAO lost $292 million and triggered $13 billion in DeFi withdrawals over the 48 hours that followed. Three different protocols. Three different attack vectors. One structural failure mode.
Every transaction in every one of these incidents passed every conventional security check at the moment of execution. The signatures were valid. The proofs verified. The attestations came from authorized parties. The contracts behaved exactly as they were designed to behave.
None of these protocols were compromised at the code layer. They were compromised at the layer above the code, where privileged actions are turned into protocol state, and where almost no protocol has built a constraint.
The consensus narrative that has emerged from 2026's incident pattern is that the human layer is the new attack surface. Better key management, more signers, hardware security modules, operational security training. This is the right diagnosis of how attackers get in.
It does not explain why so much money leaves once they do.
Drift's Security Council was migrated to a new multisig on March 27, nine days before the drain. Four of five signers were new. The timelock was set to zero seconds. That configuration passed governance. The four new signers passed whatever vetting was in place. When the attack executed on April 1, the transactions were signed by members of a legitimate, functioning council.
Hyperbridge's forged proof passed the protocol's own verification function. The EthereumHost contract's challenge period, a built-in window designed to catch exactly this class of attack, was set to zero. A ChangeAssetAdmin action executed instantly, with no delay, no secondary authorization, no confirmation required. The contracts behaved correctly. They enforced what they were given.
Kelp DAO's DVN attestation was signed by LayerZero Labs' own infrastructure over a message that never existed on Unichain. The OFT adapter's onchain validation passed. The sender address matched the legitimate Kelp peer contract. The nonce was sequential. 116,500 rsETH left the escrow because every downstream check trusted the upstream observation.
Better signers would not have stopped Drift, because the signers were real. A better audit would not have stopped Hyperbridge, because the contracts functioned correctly. More DVNs would have stopped Kelp, but only because that is a structural change to the architecture, not a change to who is doing the signing.
The question the industry is not yet asking systematically is: once a privileged action is authorized, what is it permitted to do?
In each of these exploits, the authentication question was answered correctly. A legitimate actor, or something that looked like one, authorized the action. The authorization question, whether the resulting protocol state was safe, was never asked.
Drift's attacker obtained 2-of-5 council authority and used it to list a new spot market, set its collateral parameters for maximum extractability, raise circuit breakers across five real asset markets simultaneously, and execute 31 withdrawals in under 12 minutes. Each individual step passed a function call. No layer evaluated whether the combination produced an unsafe state.
Hyperbridge's attacker submitted a forged ISMP proof that passed verification, used it to transfer minting authority over the bridged DOT contract, minted one billion tokens against a circulating supply of 356,000, and routed the proceeds through a DEX in a single transaction. No supply cap. No challenge window. No rate limit on the liquidation.
Kelp's attacker received 116,500 rsETH from the escrow in response to a cross-chain message that claimed to originate from Unichain. The Unichain rsETH supply at the time was approximately 49 tokens. The adapter imposed no per-packet cap, no daily throughput limit, no cross-check against the source-chain supply balance. A message claiming to bridge 2,300 times the total available supply executed without additional scrutiny.
In each case, the privileged path that was opened had no limits on what it was allowed to do. The authentication layer said yes. No authorization layer asked what yes was permitted to mean.
Drift had cleared two independent audits. The contracts were clean. The vulnerability was not in the code. It was in the operational configuration that surrounded the code: the signer composition, the timelock setting, the parameter ranges on newly listed markets, the absence of any limit on how many withdrawal ceilings could be raised in a single transaction.
Audits are point-in-time assessments of code correctness. Privileged paths are not point-in-time. They evolve as protocols grow, as governance decisions accumulate, as configurations drift from their original design. The operational envelope around a protocol, the set of states that the code is actually allowed to reach, is a moving target that a periodic audit cannot track.
Hyperbridge's challenge period was set to zero. That is a parameter, not a bug. The code that read the parameter worked exactly as intended. No audit would have flagged it as a vulnerability unless the auditor had specifically examined the operational implications of that value.
Kelp's single-DVN configuration was a design decision. The adapter correctly enforced whatever the configuration specified. The security assumption embedded in that decision, that LayerZero Labs' observation infrastructure would never produce a false attestation, was the thing that failed.
None of these failures required a bug. All of them required the absence of a hard limit on what a valid authorization could produce.
The structural answer to the 2026 pattern is two complementary layers: real-time monitoring that surfaces risk as it develops in the days and weeks before execution, and onchain policy enforcement that bounds what privileged actions are permitted to do at the moment of execution.
Drift's attack was staged over nine days. Between March 23 and March 30, four durable nonce accounts were created. On March 27, the Security Council was migrated to a 0-second timelock with four new signers. These are observable events. A monitoring layer configured with protocol-specific context, tracking governance migrations, signer composition changes, and timelock modifications, would have surfaced each of them as high-severity signals in the days before the drain. Monitoring does not prevent an attack. It gives teams the window to investigate and respond before an attack reaches execution.
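A sketch of the monitoring rules described above, run over a constructed event stream shaped like the Drift staging timeline. This is an added example, not Hypernative's or Drift's code; the event names, thresholds, dates within the window and signer labels are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class GovEvent:
    ts: datetime
    kind: str   # hypothetical names: "nonce_account_created", "council_migrated"
    data: dict

# Assumed thresholds; tune per protocol.
MIN_TIMELOCK_S = 24 * 3600
MAX_NEW_SIGNER_RATIO = 0.4
NONCE_BURST = 3
WINDOW = timedelta(days=14)

def evaluate(events):
    """Return (timestamp, rule) alerts for staging signals in a governance event stream."""
    alerts, nonce_ts = [], []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "nonce_account_created":
            nonce_ts = [t for t in nonce_ts if ev.ts - t <= WINDOW] + [ev.ts]
            if len(nonce_ts) == NONCE_BURST:  # fires when the burst threshold is reached
                alerts.append((ev.ts, "nonce_burst"))
        elif ev.kind == "council_migrated":
            old, new = set(ev.data["old_signers"]), set(ev.data["new_signers"])
            if ev.data["timelock_s"] < MIN_TIMELOCK_S:
                alerts.append((ev.ts, "timelock_below_min"))
            if new and len(new - old) / len(new) > MAX_NEW_SIGNER_RATIO:
                alerts.append((ev.ts, "signer_turnover"))
            staged = [t for t in nonce_ts if ev.ts - t <= WINDOW]
            if staged and ev.data["timelock_s"] == 0:
                # Pre-created nonce accounts plus a removed delay: escalate as one pattern.
                alerts.append((ev.ts, "staging_pattern"))
    return alerts

def _d(day):  # constructed timestamps in March 2026
    return datetime(2026, 3, day)

# Constructed sample stream; exact dates and signer names are illustrative.
SAMPLE_EVENTS = [
    GovEvent(_d(23), "nonce_account_created", {}),
    GovEvent(_d(25), "nonce_account_created", {}),
    GovEvent(_d(26), "nonce_account_created", {}),
    GovEvent(_d(27), "council_migrated", {"old_signers": ["a", "b", "c", "d", "e"],
                                          "new_signers": ["a", "w", "x", "y", "z"], "timelock_s": 0}),
    GovEvent(_d(30), "nonce_account_created", {}),
]

if __name__ == "__main__":
    for ts, rule in evaluate(SAMPLE_EVENTS):
        print(ts.date(), rule)
```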
Policy enforcement operates at the moment of execution. For Drift, a policy that blocked new spot markets where the backing liquidity pool held less than a defined threshold, or that prevented circuit breakers from being raised across multiple markets in a single transaction, or that required a cooling-off period after any authority migration before further privileged actions could execute, would have broken the chain regardless of who held the keys. The drain required an uninterrupted sequence of privileged actions. A hard constraint at any stage in that sequence would have stopped it.
For Hyperbridge, a policy requiring a minimum challenge period on any ChangeAssetAdmin action, or a supply inflation cap on any gateway-managed token mint, would have stopped the exploit at the second or third stage, even after the proof verification failure. For Kelp, a multi-DVN requirement on high-value pathways, combined with a supply reconciliation check that evaluated whether the credited amount was physically possible given the source-chain balance, would have stopped the 116,500 rsETH release before it executed.
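The hard limits named in the two paragraphs above, modelled as a pre-execution check and run against the figures quoted in this article. This is an added example, not code from any of the three protocols or from Hypernative; the action and state field names and every limit value are assumptions, and a real deployment would enforce the same rules onchain.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    # All limits are assumed values chosen for illustration.
    min_challenge_period_s: int = 3600
    max_mint_ratio: float = 0.05      # one mint <= 5% of circulating supply
    min_dvns: int = 2                 # required on high-value releases
    high_value: float = 1_000.0
    max_breakers_per_tx: int = 1

def violations(action: dict, state: dict, p: Policy = Policy()) -> list:
    """Hard limits a proposed privileged action would break (empty list = allowed)."""
    kind, out = action["kind"], []
    if kind == "change_asset_admin":
        if state["challenge_period_s"] < p.min_challenge_period_s:
            out.append("challenge_period_below_min")
    elif kind == "mint":
        if action["amount"] > p.max_mint_ratio * state["circulating_supply"]:
            out.append("mint_exceeds_inflation_cap")
    elif kind == "bridge_release":
        # Reconciliation: a release cannot exceed what exists on the source chain.
        if action["amount"] > state["source_chain_supply"]:
            out.append("exceeds_source_supply")
        if action["amount"] >= p.high_value and action["dvn_count"] < p.min_dvns:
            out.append("too_few_dvns")
    elif kind == "raise_circuit_breakers":
        if len(action["markets"]) > p.max_breakers_per_tx:
            out.append("too_many_breakers_in_one_tx")
    else:
        out.append("unknown_privileged_action")  # default deny
    return out

# Constructed scenarios; amounts and supplies are the figures quoted in the article.
SCENARIOS = {
    "hyperbridge_admin": ({"kind": "change_asset_admin"}, {"challenge_period_s": 0}),
    "hyperbridge_mint": ({"kind": "mint", "amount": 1_000_000_000}, {"circulating_supply": 356_000}),
    "kelp_release": ({"kind": "bridge_release", "amount": 116_500, "dvn_count": 1},
                     {"source_chain_supply": 49}),
    "drift_breakers": ({"kind": "raise_circuit_breakers", "markets": ["m1", "m2", "m3", "m4", "m5"]}, {}),
    "routine_release": ({"kind": "bridge_release", "amount": 10, "dvn_count": 1},
                        {"source_chain_supply": 49}),
}

def run_all():
    return {name: violations(a, s) for name, (a, s) in SCENARIOS.items()}

if __name__ == "__main__":
    for name, broken in run_all().items():
        print(name, "BLOCKED" if broken else "allowed", broken)
```

Each blocked scenario carries a valid authorization in the article's account; the check rejects it on the resulting state alone, which is the distinction between authentication and authorization drawn earlier.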
Neither layer alone is sufficient. A monitoring-only architecture catches risk as it develops but cannot stop a fast-moving execution that outpaces human response. A policy-only architecture enforces hard limits at execution but may not surface the weeks of observable staging that precede a sophisticated attack. Together, they close the gap that Drift, Hyperbridge, and Kelp all left open.
The structural gap exposed by this year's exploits is not new. What is new is that the attacks are sophisticated enough, and the privileged paths complex enough, that the gap is no longer hypothetical.
Protocols that operate today with authenticated but unconstrained privileged paths are operating with the same structural exposure. The question is not whether an attacker will find an authorized path. It is what that path will be permitted to do once it is found.
The answer to that question is an architectural one, and it has nothing to do with who holds the keys.
Hypernative's research team is hosting a live session on June 17 to walk through all three incidents in detail, isolate the common failure mode, and show what monitoring and policy enforcement look like as a complete defensive layer.
Register at https://luma.com/crypto-hacks-2026