
DeFi exploit losses drop 74% in 2025

Losses from decentralized finance (DeFi) protocol exploits have dropped 74% over three years, falling from $2.62 billion in 2022 to $680.3 million in 2025, according to Web3 security firm Immunefi’s 2026 Ecosystem Vulnerability Audit.

The report, which analyzed exploit-related losses across major blockchains from 2020 through 2025, points to structural improvements in protocol design and security architecture as the primary drivers of the decline.

Fewer dollars lost, but more incidents

Immunefi found that the median loss per incident fell to $1.5 million in 2025, down from $6 million in 2022—a 75% reduction. While the value lost per breach has fallen sharply, the firm noted that the number of discrete incidents is rising, suggesting that DeFi is experiencing more frequent, but generally less catastrophic, security failures.

Although total losses ticked up from $534 million in 2024 to $680.3 million in 2025, Immunefi attributed the increase to a handful of large, complex multi-chain exploits rather than broad deterioration in security standards.

The dataset excluded major centralized exchange failures, including the $1.5 billion loss reported by Bybit in 2025 and a $305 million incident at DMM Bitcoin in 2024, in order to focus on DeFi and related on-chain infrastructure.

Legacy attack vectors sharply reduced

The report highlights steep declines in several of the ecosystem’s most notorious exploit categories:

  • Ecosystem-class attacks such as oracle manipulations and reentrancy exploits fell from about 19% of all breaches in 2022 to below 1% in 2025.
  • Infrastructure-related failures, including key compromises and database attacks, dropped from 30.7% to 10.3% over the same period.
  • Bridge exploits, which once accounted for nearly three-quarters of DeFi losses in 2022, shrank to just 3% of total exploit volume by 2025.
  • Flash-loan attacks, responsible for 54% of all losses in 2020, declined to under 1% five years later.
  • Private-key compromises declined from 28.7% of exploit-related losses in 2022 to 8.1% in 2025, helped by better key management and access-control systems.

Immunefi said these shifts reflect a broad hardening of DeFi infrastructure and the near-elimination of several once-systemic vulnerabilities.

Industry learning, but stakes remain high

Immunefi chief executive Amador said the data show a sector that is learning from past failures, even as overall losses remain substantial.

He described crypto security as inherently adversarial, with both attackers and defenders continuously upgrading their methods. The marked reduction in categories such as flash-loan attacks and bridge exploits illustrates, he said, that the industry can identify and neutralize recurring structural weaknesses over time.

The long-term trend suggests DeFi protocols are more resilient to the kinds of simple contract bugs and exploitable mechanisms that dominated earlier cycles. However, the financial impact of a single successful exploit on a complex, interconnected system remains large.

2026: More complex exploits hit a fragile market

Despite multi-year improvements, recent data show that attackers are shifting toward more sophisticated targets and methods.

Immunefi’s report points to April 2026 as the most damaging month for DeFi hacks in more than a year, with losses approaching $630 million from only a few major incidents. High-profile breaches included a $292 million exploit of KelpDAO and a $285 million attack on Drift Protocol.

These attacks were not primarily driven by straightforward code flaws, according to the analysis. Instead, they involved intricate manipulations of governance processes and critical infrastructure components, underscoring how the threat landscape is moving toward complex systemic exploits.

This evolution comes during a period of pronounced market stress. Total cryptocurrency market capitalization has dropped by about $2 trillion from its peak, a decline of roughly 48%. Bitcoin has fallen to a four-month low near $61,500, while digital asset funds recorded outflows of $4.21 billion over a recent three-week span, signaling weaker institutional conviction.

Sustained selling pressure has pushed Bitcoin below key support zones, and options markets are now pricing in higher perceived risk. More than $1 billion in leveraged positions were liquidated in a single 24-hour window during the downturn, heightening the potential market impact of any new security shock.

AI intensifies the security arms race

Immunefi’s report highlights artificial intelligence (AI) as an accelerant on both sides of the security contest.

On offense, Amador said AI is speeding up vulnerability discovery and exploitation, enabling faster analysis of codebases and more automated probing of protocol defenses.

On defense, the firm noted that AI is improving the scalability of monitoring, threat detection, and stress testing. When paired with structured code audits and active bug-bounty programs, AI-based tooling is helping teams identify and patch weaknesses earlier in the development cycle.

Amador argued that platforms will need to adopt more adaptive defensive strategies that anticipate novel attack patterns, rather than relying solely on protections designed for known vulnerabilities.

Rising systemic risk from shared dependencies

Beyond individual exploits, Immunefi warned about the growing risk of shared dependencies across the DeFi stack. Many protocols rely on the same codebases, multisig signers, oracle providers, or infrastructure operators.

Amador cautioned that a failure in a single widely used provider or critical module could trigger cascading disruptions across multiple platforms at once. This concentration of risk may be difficult for traders and other market participants to see from the outside, but it could turn discrete technical issues into broader systemic events.

Taken together, the 74% drop in aggregate DeFi exploit losses between 2022 and 2025 and the near-eradication of several major attack categories point to a significantly strengthened security baseline. At the same time, the rising sophistication of recent breaches, the use of AI in both attack and defense, and the sector’s dependence on shared components suggest that the next generation of failures is more likely to stem from complex, interconnected weaknesses than from the simple bugs of earlier cycles.

