Over the past five years, DeFi has steadily moved beyond niche crypto circles into broader financial use with improved interfaces, Layer 2 adoption, and integrations with traditional fintech platforms making it feel more like regular online banking or investing.
DeFi is more popular than ever – testament to this is that in May alone, over 27-million unique wallet addresses interacted with DeFi protocols on-chain. But higher usage also brings higher exploit risk – one that has already caused tens of billions of dollars in losses, according to CryptoPresales.com which says DeFi exploits have wiped out $59-billion in the past five years.
From flash loan attacks to oracle manipulations, exploits have drained tens of billions, proving that innovation in DeFi often runs side by side with risk. And because DeFi is decentralised and smart contracts are immutable once deployed, recovering funds is usually impossible.
According to Sentora Research data, between 2020 and 2024, hackers have exploited over $59-billion from DeFi protocols – and nearly 85% of that came from just one hack. The Terra/Luna crash in May 2022 wiped out $50-billion after UST’s design failed, erasing a quarter of all money locked in DeFi and breaking trust in stablecoins. It shook the whole crypto market, deepening the downturn and raising doubts about how safe and sustainable DeFi really is.
Although the DeFi space hasn’t seen such one-hack damage since, hackers continue to steal significant amounts of money from its protocols. In 2023, DeFi exploits wiped out over $1-billion, and then another $590-million in 2024. With DeFi usage on the rise, it will be interesting to see the 2025 figures.
However, not all DeFi apps carry the same level of risk. Lending platforms are usually more exposed to these hacks, and Sentora data proves it.
So far, there have been 195 reported exploit incidents in the DeFi space with one in four, or around 50, targeting lending platforms. Decentralised exchanges (DEX) and yield aggregators followed with 33 and 20 incidents respectively, while staking saw just two reported hacks.
But when it comes to total value lost, lending platforms fall to third place, accounting for $1,44-billion in damage over the past five years. Bridge protocol came second with $2,78-billion in total losses, while algorithmic stablecoin protocols topped with $53,1-billion or 90% of all exploit losses.
The Sentora data also revealed an interesting fact: A staggering 66% of reported DeFi hacks were audited losses – proving that an audit alone isn’t enough. Moreover, around 16% of exploits since 2020 came from out-of-scope losses, or blind spots, showing that ongoing checks, wider scope, and stronger security practices are just as critical as the audit itself.