![Sun [New]](https://s2.coinmarketcap.com/static/img/coins/64x64/10529.png)
The average cost of DeFi hacks has dropped since 2022, but new data indicates that risk is not gone yet. Protocol losses from 2020 through 2025 show a move away from identifiable exploit patterns to code-level collection veil.
In total, 2022 saw a drastic increase in the value of DeFi losses across the whole industry — peaking at $2.62 billion. They dropped by about 80% to $534 million in 2024.
Bridge exploits also declined sharply. They represented 73% of all DeFi losses in 2022, but had only a 3% share by the year 2025. Median loss per incident dropped from $6 million in 2022 to $1.5 million in 2025 — a 75% decrease,
Nevertheless, unique incidents increased to 83 in 2025. This meant that while there were more attacks, each attack caused less harm.
DeFi Hacks Shift From Known Attacks to Logic Flaws
The data points to a maturing DeFi security market. Older attack types have become less effective as protocols added stronger defenses.
DeFi hacks now look different from the attacks that dominated earlier market cycles. Bridge failures, flash-loan attacks, and private-key compromises no longer account for most losses.
The main threat now comes from protocol logic exploits. These are flaws inside the design, math, permissions, or composability of an application.
DeFi Losses Fall From 2022 Peak
The overall losses stood at $2.62 billion for the year 2022 They were $534 million in 2024, down from almost a billion.
This decline came even as DeFi total value locked was on the rise. This indicates that the security of major protocols and ecosystems did, in fact, improve.
Also, the average size of each exploit decreased. A standard attack currently inflicts around 25% of the severity endured at around the peak in 2022.
Bridge Exploits Lose Their Lead
Bridge attacks were once the largest source of DeFi losses. In 2022, nine bridge exploits caused $1.9 billion in losses.
Ronin Bridge alone lost $624 million. Other major incidents included Binance Bridge, Wormhole, Nomad, Harmony, and Qubit.
By 2025, bridge losses had fallen sharply. Better verification systems, decentralized validator sets, and native cross-chain messaging helped reduce this risk. This decline shows how DeFi hacks changed after the industry built direct defenses against known bridge weaknesses.
Flash-Loan Attacks Fade
Flash-loan attacks followed a similar path. They made up 54% of all DeFi losses in 2020. By 2025, they accounted for less than 1% of annual losses. Protocols reduced this threat through time-weighted average prices, Chainlink oracle integrations, and reentrancy guards.
Many applications now assume that attackers can manipulate prices inside one transaction. That design shift reduced one of DeFi’s earliest repeatable attack methods.
Private-Key Compromises Decline
Private-key compromises also became less damaging. Their share of losses fell from 28.7% in 2022 to 8.1% in 2025.
This decline followed the same pattern as bridge and flash-loan attacks. The industry found repeatable weaknesses and built standard responses. Those defenses lowered the impact of older attack categories. They also pushed attackers toward more subtle protocol flaws.
Protocol Logic Exploits Become Main Threat
Protocol logic exploits caused 89.1% of DeFi losses in 2025. This made them the leading source of risk.
These bugs are harder to prevent. A bridge exploit often follows known trust assumptions. A flash-loan attack belongs to a known attack family.
A logic flaw is different. It can come from custom math, access controls, or the way one protocol interacts with another.
This makes modern DeFi hacks harder to detect before they happen. Each flaw may require a fresh review of the code and its assumptions.
Balancer Case Shows the New Risk
The Balancer incident showed how dangerous logic flaws can become. Its V2 Composable Stable Pools lost about $128 million in less than half an hour across six blockchains.
According to Check Point Research, the attacker used an arithmetic precision flaw in the pools’ invariant math. Small rounding errors were then expanded through batched swaps.
The same vulnerable contracts had been deployed on Ethereum, Arbitrum, Base, Polygon, Sonic, and OP Mainnet. The flaw spread because the same code existed across all of them.
Eleven audits had failed to catch the issue. That showed how subtle this class of risk has become.
Multi-Chain Deployment Raises Systemic Risk
Multi-chain deployment can turn one code flaw into a wider crisis. Many major protocols now use the same code across several networks.
ImmuneFi’s report links this risk to the Poly Network exploit in 2021 and Balancer in 2025. Poly Network failed at a bridge connection point. Balancer showed the same logic failing across chains.
This changes how ecosystem safety is measured. A chain can inherit risk from applications deployed on it, even when its own infrastructure works as expected.
Conclusion
DeFi hacks have become less costly, but they have also become more complex. Older exploit types now cause a smaller share of losses because protocols built targeted defenses.
The next major risk may come from one logic flaw copied across several networks. For users and protocols, the key issue is no longer only whether one chain is secure. It is whether shared code could fail everywhere at once.
Appendix Glossary of Key Terms
Protocol logic vulnerability: Bug in the code, math, permissions or design of a protocol.
Bridge exploit: An exploit of systems that transfer assets from one blockchain to another.
Flash-loan attack: A quick attack that uses borrowed funds in one transaction.
Private-key compromise: A security breach due to compromised wallet or admin keys;
Multi-chain: Running same protocol code in multiple blockchain networks.
Total value locked: The total balance that is currently held inside of DeFi protocols.
Frequently Asked Questions About DeFi Hacks
1. Are DeFi losses declining?
Yes. Losses fell from $2.62 billion in 2022 to $534 million by 2024.
2. Why did bridge hacks decline?
Better verification, decentralized validators, and native cross-chain messaging reduced bridge risk.
3. What is the biggest DeFi risk now?
Protocol logic exploits are now the leading source of losses.
4. Why are multi-chain apps risky?
The same vulnerable code can run across several blockchains and fail at the same time.
