Category: Month in Review
POSTED BY: Rob Behnke
03.03.2025
February 2025 stands out as the most profitable month in history for DeFi hackers. In total, approximately $1.5 billion was stolen from DeFi projects across four high-value hacks. However, nearly all of these losses were a result of a single hack: the compromise of the Bybit exchange by the Lazarus Group. In one hack, they stole over twice as much as the next largest theft in DeFi history, the Ronin Network hack.
While Bybit was the most memorable of the four DeFi hacks of February 2025, it wasn’t the only high-value theft this month. These are the four hacks with price tags of at least $1 million:
Ionic Money: The February 2025 hack of Ionic was the result of a social engineering attack in which the attackers tricked the protocol into accepting a fake LBTC token as collateral. Once approved, they stole $8.6 million by using fake LBTC as collateral for loans.
zkLend: The zkLend exploit was the result of a rounding error in the protocol’s smart contract. The attacker exploited the vulnerability to steal approximately $9.5 million from the protocol.
Bybit: In February 2025, Bybit made history as the victim of the biggest DeFi hack to date, with a $1.4 billion theft by the Lazarus Group. The attackers used social engineering to deploy a malicious version of the Safe UI targeting Bybit. This allowed them to trick signers into approving a malicious transaction while masking the UI to show only legitimate activity. As a result, the attackers were able to perform a malicious upgrade to the Bybit multisig smart contract, inserting a backdoor that allowed them to drain the wallet.
Infini: The $50 million Infini hack was carried out by a rogue former developer. They had access to a breached private key that held elevated permissions, allowing them to drain tokens from the project’s vault.
With the exception of zkLend, the major DeFi hacks of February 2025 continued the trend of significant losses due to off-chain security gaps. Social engineering was critical to the success of the Ionic Money and Bybit hacks, while the Infini attacker was a rogue former developer with access to a privileged blockchain account.
This spate of high-value incidents exploiting poor off-chain security inspired Halborn’s CISO, Jacques Boschung, to author a blog article describing how smart contract audits aren’t enough for DeFi security. While audits are valuable, they need to be complemented with strong security processes and practices.
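One such process control for the Bybit-style case, as an added example that is not Halborn's or Safe's code: each signer checks the raw multisig payload against the intended action with a tool that does not depend on the web UI. The field names `to`, `value`, `data` and `operation` follow the Safe transaction structure; the addresses, amounts and the `review_safe_tx` helper are constructed for illustration.

```python
CALL, DELEGATECALL = 0, 1        # values of the Safe `operation` field
ERC20_TRANSFER = "a9059cbb"      # selector of transfer(address,uint256)

def transfer_calldata(recipient, amount):
    """ABI-encode transfer(recipient, amount) as a hex string."""
    return "0x" + ERC20_TRANSFER + recipient[2:].rjust(64, "0") + format(amount, "064x")

def decode_erc20_transfer(data_hex):
    """Return (recipient, amount) for a plain ERC-20 transfer, else None."""
    data = data_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    if len(data) != 8 + 128 or data[:8] != ERC20_TRANSFER:
        return None
    # The address is the low 20 bytes of the first 32-byte word.
    return "0x" + data[32:72], int(data[72:], 16)

def review_safe_tx(tx, intent, allowed_targets):
    """Compare the raw payload with what the signer believes they are approving."""
    findings = []
    if tx["operation"] != CALL:
        findings.append("operation is not CALL: code at `to` would run in the wallet's own context")
    if tx["to"].lower() not in allowed_targets:
        findings.append("target %s is not on the allowlist" % tx["to"])
    if tx["value"] != 0:
        findings.append("unexpected native value %d" % tx["value"])
    decoded = decode_erc20_transfer(tx["data"])
    if decoded is None:
        findings.append("calldata is not a plain ERC-20 transfer")
    else:
        recipient, amount = decoded
        if recipient != intent["recipient"].lower():
            findings.append("recipient %s differs from intended %s" % (recipient, intent["recipient"]))
        if amount != intent["amount"]:
            findings.append("amount %d differs from intended %d" % (amount, intent["amount"]))
    return findings

# Constructed sample data: placeholder addresses, not real contracts.
TOKEN, RECIPIENT, OTHER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
INTENT = {"recipient": RECIPIENT, "amount": 1000}   # what the signer was told
ALLOWED = {TOKEN}                                   # contracts this wallet may call
benign = {"to": TOKEN, "value": 0, "operation": CALL,
          "data": transfer_calldata(RECIPIENT, 1000)}
suspicious = {"to": OTHER, "value": 0, "operation": DELEGATECALL,
              "data": transfer_calldata(OTHER, 0)}

if __name__ == "__main__":
    for name, tx in (("benign", benign), ("suspicious", suspicious)):
        print(name, review_safe_tx(tx, INTENT, ALLOWED) or "matches intent")
```

An empty result means the payload matches the stated intent; any finding is a reason to stop and verify the transaction through a separate channel before signing.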
Halborn offers advisory services to projects looking to build security into their protocols from the very beginning. For help with protecting your project from the modern DeFi hacker, get in touch.