DeFi hacks are still happening in 2026

19 replies 438 views
dr_bitNewbie
Posts: 869 · Reputation: 25
#1Oct 14, 2024, 04:26 AM
Yeah, it's definitely gonna keep going, just like it has since DeFi kicked off. Hackers took off with $169 million from 34 DeFi projects in the first quarter, according to DefiLlama. The title pretty much sums up what this news is all about. The hack in January was the biggest one.
2 Reply Quote Share
coin49Newbie
Posts: 117 · Reputation: 19
#2Oct 16, 2024, 06:38 AM
With growth of blockchain and cryptocurrency industry, the whole industry size becomes bigger in capital so there will be logically more hacks and exploitation this industry. Here is the 2025 Crime report from Chainalysis https://go.chainalysis.com/2025-Crypto-Crime-Report.html A shorter version of it, like a summary which is accessible for everyone. https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2026/
2 Reply Quote Share
coinxSenior Member
Posts: 176 · Reputation: 818
#3Oct 16, 2024, 11:25 AM
That's not really great argument for smart contract financial safety. If actual banks were losing as much money because of security exploits, as with De-Fi exploits have lost, they would be done. When $100M is stolen from crypto DeFi, no one seems to even blink an eye as it's just another day and another exploit. When over $10 million is stolen from a real bank, it's a box office movie.
4 Reply Quote Share
gas325Newbie
Posts: 168 · Reputation: 32
#4Oct 16, 2024, 03:22 PM
The Drift Protocol exploit some days ago just surpassed all of the Q1 value alone. What’s interesting is many of these big exploits have been because of compromised developer private keys and not because of smart contract vulnerabilities. Hopefully DeFi builders will learn some lessons from recent events and begin implementing better security measures.
3 Reply Quote Share
Posts: 339 · Reputation: 40
#5Oct 16, 2024, 04:15 PM
I hope hacking and exploit isn't normalized for the future of defi, it's people like us who's badly affected by any exploit. These defi rarely want to compensate for their own mistake and the user are always the one affected the most. It's asymmetrical profitability for these defi founders when all these responsibilities are not theirs to take, they are getting interest cut from our yield yet when bad things happen suddenly they don't want to take the blame. This hackings and exploits are grave reminder that defi isn't exactly the future of finance if things keep up, who in their right mind would want to stake with the risk of losing it all due to some hacks.
5 Reply Quote Share
Posts: 333 · Reputation: 33
#6Oct 16, 2024, 07:55 PM
Each there's always these exploit done in the decentralized finance. And they'll continue to happen because they have become the hotspot of the hacking incidents and they see that the security of these platforms are not flawless. A loss is a loss for them, they are decentralized and so no refund, no retrieval of funds will happen for the victims there.
4 Reply Quote Share
bullio377Newbie
Posts: 80 · Reputation: 8
#7Oct 17, 2024, 01:50 AM
When DeFi is exploited $10M - $20M - $50M - $100M and more this does not shake the world --- unlike banks, maybe all national TV will report this incident because it can be said to be a rare event. The Drift Protocol is the biggest exploit as they will not be able to recover the lost funds despite all the efforts. If it's not the vulnerability of the smart contract and then the exploitation of the developer's private key then we can assume this is an insider, right?
3 Reply Quote Share
dr_nonceNewbie
Posts: 192 · Reputation: 19
#8Oct 17, 2024, 04:56 AM
Well, it is not really that complicated considering how we are dealing with still shitty coding. This is just the hacking part of it, we still have exploits, but do not forget that social engineering is still a majority of it as well, there are still scammers out there who convince people to just steal it, without anything coding related, just straight up lies to people and get their money, that's even bigger. So, we have to assume that this type of things in this altcoin space is not going to end at any time soon. Moreover, when you are at the mid of a failed project and you look for a reason to quit then "got hacked" would be a perfect end to your entire project and I highly doubt that is the exact scenario happening with most altcoins. If hacking is that simple and frequently happening then the entire crypto space might have broken and hacked and hackers already might have eaten up of all of our cryptos.
4 Reply Quote Share
chainioMember
Posts: 653 · Reputation: 48
#9Oct 17, 2024, 05:32 PM
After Satoshi, people were no longer attracted to pseudonymous founders due to reliability and trustworthiness. Disclosing the team's track record might be a plus, as it could accelerate the project's ecosystem to the next level of growth. However, transparency means increased scrutiny, which could involve legal authorities. Therefore, the excuse of "hacking" is not a safe way to disguise a failed project.
1 Reply Quote Share
Posts: 339 · Reputation: 40
#10Oct 17, 2024, 09:42 PM
Yep, and that is exactly why defi hasn't taken any attention from real big players like institutions who deployed billions somewhere else except defi. From so many podcasts that I've listened in regard of defi, everybody keep saying that defi have too much risk for a real big player to get in. Exploit, hacking, and so on are the reason why Defi is facing roadblock right now. When we got a tiny 1.7% APY from staking in AAVE with the risk of bad debt due to oracle error or even collateral depeg on top of risk of existing exploit, we ought to ask ourselves whether staking is really worth it or waste of time and too risky? I personally have taken out my money from any staking platform in this bear market.
1 Reply Quote Share
Posts: 433 · Reputation: 52
#11Oct 18, 2024, 12:21 AM
It will never happen. The defi developers are so damn stupid, and they never try to be better. 2022: the total lost from defi hacked was crossed $3.7 billion 2023: the total lost from defi hacked was $2 billion 2024: the total lost from defi hacked was $2.3 billion 2025: the total lost from defi hacked was close to $3.5 billion 2026: the total lost from defi hacked already $169 million. The lesson learned is that so many years passed, but defi developers never learn from their mistake. They might use multisign, but they only put very low threshold combined with no timelock. They also rarely audit their own code like they were the god of coding. This is why i don't think defi developers to get better. This is also an awareness for defi users if any defi can be hacked. the fact that there might be so many undiscovered bugs. Once hacker can that, then it's the end for the defi.
4 Reply Quote Share
Posts: 333 · Reputation: 33
#12Oct 18, 2024, 07:03 AM
The risk there is really that high but there's no assurance of the security from these platforms. And so, if I am an investor I'll make sure that I'll choose a platform where I can be secured despite the little yet assured returns that I'll get. But on them, with little potential returns, it's not worth it to take up that much risk from them.
0 Reply Quote Share
Posts: 339 · Reputation: 40
#13Oct 18, 2024, 11:52 AM
The security "assurance" they offered is nothing more than one time audit they did when they are about to deploy their code, thats it. Some project might put bounty for anyone finding exploit but it's usually some small money, around $100k to secure hundred of millions. It's really as you said, the risk is too high with little potential returns, feels like wasting time and risking everything for nothing in return. There should be some kind of insurance or emergency fund like binance did but tailored for defi maybe by adding some interest cut to fund the emergency fund. Without that, the defi ecosystem won't grow that much because they won't be having any substantial customers but only some retailers.
2 Reply Quote Share
Posts: 333 · Reputation: 33
#14Oct 20, 2024, 07:03 AM
I would like those platforms that have the bug bounty that they're asking help to the experts and making their community a safe place. Making these bug bounty hunters involved in their business also gives them the credibility that they are serious of increasing the security for their users and at the same time, paying them much or allotting a budget on it shows that they're serious in combatting any issue that they might face. But not all of them are like that and are too confident with their security and that's why if some flaw has been seen, they're already penetrated quickly by these hackers.
4 Reply Quote Share
gasio328Full Member
Posts: 159 · Reputation: 735
#15Oct 20, 2024, 07:31 AM
Not really shocking, considering how this could be something that would be pretty obvious to most people. We should not be considering this to be that shocking, because at the end of the day we are going to see people keep trying. If even CIA or FBI can get hacked, with all their agents information and all, then how do you assume that this won't be any different, of course every business keeps getting hacking attempts and there are many defi that is very small, tiny, and they do not have the manpower or talent to keep the hackers away at all times.
4 Reply Quote Share
coinxSenior Member
Posts: 176 · Reputation: 818
#16Oct 22, 2024, 07:17 PM
As long as there's good financial incentive for exploiting bugs in experimental tech, there will be countless of hackers working 24/7 to find them. These hackers can even be state funded. Devs know this but as long there's no real repercussions for weaponized level of incompetence, there's not going to be too much effort to stress test their tech. And people seem to live in some false reality where flawless tech exist, even with tech that have constant security patches proving that there's just countless not yet found exploits.
2 Reply Quote Share
just_wolfNewbie
Posts: 236 · Reputation: 11
#17Oct 23, 2024, 12:17 AM
The Drift Protocol exploitation was organized and carried out over the past six months, so it wasn't a one time, all out operation, but rather a process of building trust offline. And guess where this is headed? Where else but North Korea, as this was part of their plan from the start to approach Drift Protocol.
5 Reply Quote Share
fork_quantumFull Member
Posts: 246 · Reputation: 675
#18Oct 23, 2024, 05:57 AM
God, crypto exploit is just part of the Crypto world itself hmmmm. I mean there is no single year that crypto is secure from hand of hacker or DPRK, to be honest I dont even know is this real north korea that hack all of us or just a gimmick to cover something fishy. In here you can find a list https://rekt.news/leaderboard that now already counts 286 of hacked, exploit and other thing that related from billion to a couple of hundred thousand. Most of them are DeFi with smart contracts. Even an audited smart contract still gets hacked big cex like Bybit got hacked.
4 Reply Quote Share
Posts: 433 · Reputation: 52
#19Oct 23, 2024, 06:52 AM
The developers these days are being so careless with their platforms. They rarely held hackathon, though it would be cost less than when their platform got hacked. They can't ensure their thousand lines of code safe from the loophole that can be exploited by the hackers. This is the reason i'm getting tired of this defi BS. Whenever it gets hacked, it's gonna be the end of defi unless hackers return the funds back. In some cases, the defi developers were begging to hackers to return the funds, which is hilarious.
3 Reply Quote Share
Posts: 339 · Reputation: 40
#20Oct 23, 2024, 10:05 AM
The problem is always on the lack of funding though when it comes to bug or exploit bounty. Imagine finding an exploit that allows you to withdraw entire pool of tens of million dollars versus getting compensated maybe $10k. If the person who found the exploit is not greedy and prefer a honest reward, he'd prefer to get paid in honest manner by disclosing exploit to the dev without actually touching it, but imagine if it is a greedy person who found the exploit. Bug bounty can only do so much.
1 Reply Quote Share
?Reply
Sign in to reply to this topic

Related topics