// 2025 UPDATE

Breaking Down the Top 100 DeFi Hacks

2014-2024 COMPREHENSIVE REPORT


// STATS & FINDINGS

5 KEY FINDINGS

TOTAL LOSSES FROM TOP 100

  • $10.77 billion

LARGEST HACK

  • The $1.5 billion Bybit hack in February 2025

MOST ATTACKED CHAINS

  • Ethereum, BSC, Bitcoin, Polygon, and Arbitrum

COMMON EXPLOITS

  • Off-chain: 44% of total attacks

  • Compromised accounts: 47% of total losses

AUDITED VS UNAUDITED

  • Only 20% of hacked protocols were audited

  • Audited protocols accounted for 10.8% of the total value lost

// DeFi Hacks

A GROWING TREND

The cost of DeFi hacks is on the rise, as high-loss attacks become more common in the crypto space.

[Charts: Number of Attacks Per Year; Amount of Money Lost Per Year]

// Ethereum and Binance Smart Chain

THE MOST TARGETED CHAINS

[Chart: Distribution of Attacks Per Chain, ordered by TVL and number of attacks]

Download the full report to learn more about the top 100 DeFi hacks and how to protect yourself from future attacks.

// AUDITING IN DEFI

A CRITICAL COMPONENT OF SECURITY AND RISK MITIGATION

The most common vulnerability leading to direct contract exploitation is missing or faulty input verification/validation, which accounts for 34.6% of the cases.

[Chart: Types of Contract Exploitation]

"While the overall number of hacks has seen a slight rise from last year, the total financial damage continues to decline over time—yet these incidents remain a critical concern for the Web3 ecosystem. Our latest findings underscore the importance of safeguarding both on-chain and off-chain components, as off-chain vulnerabilities account for a growing share of losses each year.

We also observed that attackers are expanding their focus to emerging targets like gaming protocols and Layer 2 chains. By identifying the most likely attack vectors for each protocol type and blockchain platform, developers and auditors can proactively strengthen their defenses and reduce risk. In today’s evolving threat landscape, a robust approach to security is critical for any organization looking to thrive in the Web3 space."

Mar Aguilar

Lead Security Architect and Researcher,
Author of the Top 100 DeFi Hacks Report

// THE ACHILLES HEEL OF DEFI

SMART CONTRACT VULNERABILITIES

These findings emphasize the need to improve smart contract security, implement robust key management practices, and mitigate risks in the DeFi ecosystem.

CONTRACT EXPLOITATION

  1. In the last two years, compromised accounts have accounted for more than 50% of all attacks.
  2. Market manipulation was the leading cause of hacks in 2021, accounting for 32.1% of incidents.
  3. Governance attacks in 2022 and 2024 make up 5% and 5.6%.

A BREAKDOWN OF SMART CONTRACT VULNERABILITY TYPES

  1. Reentrancy: Peaked initially, decreased in 2022, surged in 2023, and seems less prevalent in 2024.
  2. Faulty Input Verification/Validation: High in 2020 and 2022, evenly distributed in 2021, and accounted for all hacks in 2024.

// STAY AHEAD OF HACKERS

5 BEST PRACTICES FOR PREVENTING DEFI BREACHES

01. Get your smart contracts audited

Smart contract vulnerabilities are the leading cause of DeFi hacks. It's crucial to have your smart contracts audited by reputable auditing firms.

02. Use multi-sig wallets

Multi-signature wallets require multiple parties to sign off on a transaction, which adds an extra layer of security. This can help prevent private key theft and unauthorized access to your assets.

03. Avoid hot wallets

Hot wallets are connected to the internet and are more susceptible to hacking attempts. Consider using cold storage wallets, which are not connected to the internet, for long-term storage of your assets.

04. Be cautious with publicly callable functions

Publicly callable functions in smart contracts can be called by anyone on the blockchain, including hackers. It's important to limit access to these functions and ensure their inputs are properly validated to prevent attacks.

05. Stay informed & up to date

DeFi is an ever-evolving space, and new vulnerabilities may arise. Stay informed by following reputable sources and consider implementing additional security measures as needed.

© Halborn 2025. All rights reserved.