List of DeFi hacks

List of DeFi Hacks – Risks in 2023

This review explains what DeFi protocols are, how they influence crypto asset flows, and what their main features are. It also covers the biggest DeFi hacks since the technology was actively introduced to the market. Each relates to a different aspect of how DeFi protocols operate (flash loans, flaws in smart contract security audits, etc.).

Top 11 Hacks of 2022

Though the DeFi industry is fairly reliable and comes with multiple safeguards, there is always a danger from malicious actors who constantly explore blockchain technology for loopholes that let them drain funds. The most typical problems you may face are the following:

  • flash loan attacks;
  • DeFi exploits via smart contract vulnerability;
  • cyber attacks on users’ wallets;
  • use of hacked private keys, etc.

Below, you can learn more about the most significant DeFi hacks, which led to multimillion-dollar losses, affected native token prices, etc.

Cream Finance

Cream Finance is a lending protocol based on the Ethereum blockchain. With it, you can borrow or lend money without being limited in the types of currencies. In 2022, a powerful attack on the lending protocol resulted in more than $130 million being stolen.

The attack was based on multiple lending and borrowing operations in more than 70 assets. Together with stolen tokens, the hackers manipulated asset prices. Even though the hacker’s wallet was identified, the funds were promptly transferred to the main accounts.

Ronin Network

In the spring of 2022, the Ronin network was attacked by the Lazarus Group, an association of North Korean hackers. Ronin is focused more on the gaming business and is known for the crypto game Axie Infinity. Through the attack on the validation nodes, the hackers managed to change the protocols for verifying cryptocurrency transactions.

The users’ private keys were hacked, and the attackers entered false data for the withdrawal of funds by acting on the gas-free RPC node. After that, a fraudulent withdrawal of funds was initiated. As a result, about 630 million dollars were stolen; the sum was subsequently reimbursed to all asset holders.

Poly Network

This network is another decentralized exchange for operating with digital currencies and transferring them from one chain to another. Unfortunately, in 2022, the network was attacked by hackers, resulting in about $611 million being stolen. The funds were transferred to three independent addresses by exploiting a vulnerability in the source code.

The next day, the hackers stated that they intended to return the funds and that the attack was aimed at testing the system’s security. In the end, Poly Network offered the hackers half a million dollars as a reward for providing information about the vulnerability, along with the position of chief security advisor.

Harvest Finance

This service allows you to invest digital money and earn on the exchange using exchange rate fluctuations. The latest attack on Harvest Finance resulted in a loss of $24 million. The hackers took advantage of the flash loan option to deposit a large amount of money using the cryptographic exploit. As a result, the hackers drained funds by manipulating prices.


Badger

Badger is a special service that allows users to use bitcoins to place pledges on different platforms. Recently, the system was hacked using a phishing attack through the Cloudflare application.

By compromising an API key, an unknown hacker stole funds (about $120 million) from the wallets of many dozens of service users. Later, Badger eliminated the exploit, but only $9 million was returned. In addition, the users now need to verify their emails before accessing the API.

is one of the largest cryptocurrency exchange services. In the winter of 2022, hackers managed to gain access control and withdraw about 34 million dollars. As a result, more than 500 DeFi users came under attack and lost funds.

The situation resulted from bypassing the two-factor authentication mechanism, which is currently regarded as one of the standard security measures. However, the company has not yet indicated how the hacker bypassed the protection.

Nomad Bridge

The cross-chain Nomad Bridge service allows you to exchange tokens within various blockchains. Unfortunately, in the fall of 2022, hackers managed to steal over $190 million within three hours. This became possible after an update of the smart contracts, which on the one hand made it easier for users to interact with the system, but on the other hand made it possible to fake transactions.

After the cyber attacks, white hat hackers returned more than thirty million dollars. There was also an official statement that those who returned 90% of the assets could keep the remaining funds (about 10%) without fear of legal prosecution.

Fei Rari

The company was established through the merger of a popular service provider in the digital lending market (Rari Capital) and the Fei Protocol stablecoin. As a result of the attack in 2022, the company lost about $80 million from the stable pool. The attack was made possible by a vulnerability that allowed re-entry (reentrancy) into the lending protocol.

After that, the attacker deployed smart contracts that used the vulnerability to withdraw funds. The company offered the hacker about $10 million if the money was returned. However, there was no response from the attacker.
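An added illustration, not part of the original article and not Rari Capital's or Fei Protocol's code: a simplified Python model of the re-entry class of bug described above, showing the vulnerable ordering (funds handed over before the debt is recorded) beside the hardened checks-effects-interactions ordering. The pool, the amounts and the receiver callback are constructed assumptions.

```python
# Simplified model of a lending pool (constructed example, not Rari/Fei code).
class LendingPool:
    def __init__(self, liquidity, effects_first):
        self.liquidity = liquidity
        self.collateral = {}
        self.debt = {}
        self.effects_first = effects_first  # True = hardened ordering

    def deposit_collateral(self, user, amount):
        self.collateral[user] = self.collateral.get(user, 0) + amount

    def borrow(self, user, amount, on_receive):
        # Check: recorded debt may never exceed posted collateral.
        headroom = self.collateral.get(user, 0) - self.debt.get(user, 0)
        if amount > headroom or amount > self.liquidity:
            raise ValueError("borrow exceeds collateral or liquidity")
        if self.effects_first:
            # Hardened: record the debt BEFORE handing control to the receiver.
            self.debt[user] = self.debt.get(user, 0) + amount
            self.liquidity -= amount
            on_receive(amount)
        else:
            # Vulnerable: the transfer runs receiver code while debt is stale.
            self.liquidity -= amount
            on_receive(amount)
            self.debt[user] = self.debt.get(user, 0) + amount


def simulate(effects_first, max_depth=5):
    """Return (total paid out, recorded debt, collateral) for one borrower."""
    pool = LendingPool(liquidity=1_000, effects_first=effects_first)
    pool.deposit_collateral("borrower", 100)
    payouts = []

    def on_receive(amount):
        # Receiver hook that calls back into borrow() before the first call ends.
        payouts.append(amount)
        if len(payouts) < max_depth:
            try:
                pool.borrow("borrower", 100, on_receive)
            except ValueError:
                pass  # re-entrant borrow rejected by the collateral check

    pool.borrow("borrower", 100, on_receive)
    return sum(payouts), pool.debt["borrower"], pool.collateral["borrower"]


if __name__ == "__main__":
    print("vulnerable:", simulate(effects_first=False))
    print("hardened:  ", simulate(effects_first=True))
```

In the vulnerable ordering every nested call passes the collateral check because the debt is only written after control returns; an invariant monitor that compares recorded debt with collateral after each call would flag the mismatch.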

It is also worth noting that the same company experienced cyber attacks earlier. One of them was a flash loan attack in which more than $11 million was stolen.

Understanding of DeFi Protocols

This abbreviation stands for Decentralized Finance. In essence, it is a decentralized financial ecosystem with open access. Inside the system, you can use public blockchain tools (most often, Ethereum acts as the main one) to create financial offers, services, and more.

From a structural point of view, the DeFi protocol is a peer-to-peer system with no third parties, so you can provide services directly. Anyone can access an ecosystem where peer-to-peer (P2P) and decentralized applications (dApps) manage user funds and assets.

Main Features of DeFi Technologies

DeFi has some important features to fulfill its function, which are described below. Knowing them, one can indirectly or directly understand the main threats and directions of attacks.


The ecosystem is managed solely by smart contracts. Due to the absence of third parties, outside interference is minimized.


All tools in the DeFi ecosystem are open-source. It means you can monitor the functioning of the services at any time. In this case, transactions are performed under conditions of pseudo-anonymity, despite their public nature.

Cross-border access

DeFi services are fairly universal and relatively easy to manage. Anyone with Internet access can use them for trading tokens, buying insurance, exchanging cryptocurrency, etc.

Relative simplicity

You can quickly master the basic principles of how the service works. In this case, the main work falls on the smart contract, and you do not need to fill out forms, as is the case with the classic financial sector.


The system is customizable, and with the help of an open API, you can use third-party (but supported) interfaces and tools. In addition, you can combine and configure multiple DeFi systems into one.


Which platform is best for DeFi?

It all depends on your purposes and goals. However, at the time of writing, the Kraken platform is considered the top pick.

Is DeFi risk-free?

Though decentralized finance platforms are secure, there are always risks connected with smart contract operation and the use of flash loans. There can also be private key attacks, exploitation of cross-chain bridge vulnerabilities, etc.

How many ETH are locked in DeFi?

At the time of writing, the total sum is about $125.7 billion.

What can you do on DeFi?

Any DeFi project is a multipurpose tool for trading any platform’s native token, operating with various real-world asset types, buying insurance, and much more.