Month in Review: Top DeFi Hacks of March 2025

POSTED BY: Rob Behnke

04.02.2025

February 2025 was a record-breaking month for DeFi hackers due mainly to the $1.5 billion Bybit hack. After that, March’s five $1M+ hacks, totalling about $44.4M in potential losses, pale in comparison.

Biggest DeFi Hacks of March 2025

In March 2025, five DeFi protocols suffered hacks that resulted in losses exceeding $1M:

  • 1inch: The March 2025 exploit of 1inch took advantage of buffer overflow and integer underflow vulnerabilities in the contract. This allowed the attacker to evade access controls and steal about $5 million from one of the protocol’s resolvers, which was using out-of-date code.

  • Wemix: The Wemix hack was made possible by compromised admin keys that may have been stored insecurely in a software repo. With these keys, the attacker performed malicious transactions that stole over $6 million from the protocol.

  • Zoth: The March 2025 hack of Zoth was also a classic case of compromised private keys. The attacker performed a malicious contract upgrade that enabled them to drain an estimated $8.4 million from the protocol.

  • Abracadabra: Abracadabra’s $13 million hack was made possible by errors in tracking state within the contract. An intentionally failed deposit to GMX set the stage for the attacker to liquidate their own position and then use it as collateral for a bad loan.

  • Hyperliquid: Hyperliquid faced $12 million in potential losses due to an exploit of design vulnerabilities in its liquidation protocols. The exchange demonstrated centralized control and the ability to override market prices when delisting tokens as part of its efforts to mitigate the attack.

Lessons Learned from the Attacks

The biggest hacks of March 2025 had a variety of causes. Two of them, Wemix and Zoth, were caused by compromised keys, one of the most common causes of DeFi hacks in 2025. The Abracadabra and Hyperliquid attackers took advantage of design vulnerabilities in the targeted protocols, while the 1inch exploiter targeted implementation errors within the smart contracts.

This variety of vulnerabilities underscores the importance of integrating security into every stage of the software design and development process. Implementing private key security best practices could have mitigated some incidents, while design review and threat modeling may have caught design errors before exploitation.

The root causes of several of these incidents would have been missed by a security program relying solely on smart contract audits. To learn more about taking advantage of security advisory and auditing services that span the entire software development lifecycle, reach out to Halborn.
