Why are DeFi hack losses falling despite more protocols and users?

DeFi losses have dropped significantly as the industry has improved security practices. Total losses fell from $2.62 billion in 2022 to about $534 million by 2024, even as total value locked (TVL) continued to grow.

What are the biggest DeFi security risks today?

The biggest risk is no longer bridge hacks or flash-loan attacks. In 2025, about 89% of DeFi losses came from protocol logic exploits, which are unique coding flaws embedded within a protocol's design.

What is a protocol logic exploit in DeFi?

A protocol logic exploit occurs when attackers find weaknesses in a protocol's code, mathematical models, access controls or system design. These vulnerabilities are often highly specific and harder to detect than traditional attack methods.

Why are multi-chain protocols creating new security concerns?

Many DeFi applications deploy identical smart contract code across multiple blockchains. If a vulnerability exists in that code, attackers can exploit several networks simultaneously instead of targeting just one chain.

What happened in the Balancer multi-chain exploit?

Balancer's V2 Composable Stable Pools reportedly lost around $128 million across six blockchains after attackers exploited an arithmetic precision flaw. Because the same vulnerable code was deployed across multiple networks, the exploit spread simultaneously.

Why did audits fail to detect the Balancer vulnerability?

According to reports, the flaw was extremely subtle and involved complex mathematical calculations within the protocol. Even after 11 separate audits, the vulnerability remained undiscovered until it was exploited.

Are bridge hacks still a major threat to DeFi?

Bridge hacks have become much less common. They accounted for roughly 73% of DeFi losses in 2022 but represented only about 3% of losses by 2025 as bridge security improved.

Image for illustrative purposes only. Not a real photo.

DeFi hacks shrink as multi-chain risks grow

Written by Heidi Cuthbert Published Jun 8, 2026, 3:30 AM

Decentralised finance losses have declined dramatically over the past several years, but security researchers warn that a new generation of multi-chain vulnerabilities could expose users to simultaneous losses across multiple blockchain networks.

Industry-wide DeFi losses peaked at $2.62 billion in 2022 before falling roughly 80% to $534 million in 2024, while the median loss per incident dropped from $6 million to $1.5 million as security practices improved across the sector.

The growing concern is that major protocols now deploy identical code across networks including Ethereum, Base, Arbitrum, Polygon, OP Mainnet and Sonic, allowing a single software flaw to potentially affect users on every chain where the application operates.

The risk was highlighted in November 2025 when a vulnerability in Balancer’s V2 Composable Stable Pools enabled attackers to drain approximately $128 million across six blockchains in less than 30 minutes after exploiting a subtle arithmetic precision flaw embedded within the protocol’s core code.

According to Check Point Research, the attacker manipulated rounding errors within the pools’ invariant calculations and chained a series of batched swaps that amplified minor discrepancies into a full-scale exploit affecting all networks running the vulnerable contracts.

While bridge exploits accounted for 73% of all DeFi losses in 2022, led by incidents including the Ronin, Wormhole and Nomad hacks, their share had fallen to just 3% by 2025 as improved verification systems, decentralised validator networks and native cross-chain messaging reduced attack surfaces.

The shift leaves protocol-specific logic vulnerabilities responsible for 89.1% of DeFi losses in 2025, creating a new challenge for developers as a flaw in a widely deployed application can rapidly evolve from a single coding error into a cross-chain systemic event affecting multiple ecosystems simultaneously.

At the time of reporting, Ethereum price was $1,684.82.