The Most Popular DeFi Protocol Hacks: Lessons from the Past and How to Protect Your Funds

DeFi (decentralized finance) has revolutionized cryptocurrency, allowing users to lend, exchange, and earn on assets without intermediaries. However, this has also made protocols attractive targets for hackers. From 2020 to 2024, DeFi hacks led to losses exceeding $59 billion, with an additional $2.2 billion in 2024. In 2025, the situation improved (losses in October dropped 85% to $18 million), but risks remain. In this article, we’ll review the most popular hacks, their causes, and countermeasures. The goal is not to scare, but to teach how to avoid losses.

The Most Popular DeFi Protocol Hacks

Here are the top-10 largest or most resonant DeFi hacks.They often involve bridges, lending protocols, and exchanges.

Ronin Bridge Hack

The Ronin Bridge, supporting the Axie Infinity game, suffered one of the largest DeFi hacks in history on March 23, 2022, with attackers stealing approximately 173,600 ETH and 25.5 million USDC, valued at around $625 million. The breach went undetected for six days until a user reported an inability to withdraw funds. The attackers compromised private keys through social engineering, gaining control of five out of nine validator nodes required for transaction approvals. This included four nodes controlled by Sky Mavis (the game's developer) and one third-party node from Axie DAO. The hack was linked to North Korea's Lazarus Group, who laundered funds through services like Tornado Cash. Partial funds were recovered, including $5.7 million with Norwegian authorities' help in 2024, but much remains lost.

Poly Network Hack

On August 10, 2021, Poly Network, a cross-chain interoperability protocol, was hit by a hacker who exploited a vulnerability in its smart contracts, transferring over $610 million in cryptocurrencies across Ethereum, Binance Smart Chain, and Polygon. The attacker accessed funds by compromising the contract's keeper keys, allowing unauthorized calls to withdraw assets. Unusually, the hacker returned nearly all funds over the following weeks, claiming it was a "white hat" demonstration of the vulnerability. Tether froze $33 million in USDT involved, and the hacker embedded messages in transactions explaining their actions. This remains one of the largest crypto hacks, though mitigated by the return of assets.

Wormhole Bridge Hack

On February 2, 2022, the Wormhole Bridge, connecting Solana and Ethereum, lost $325 million (120,000 wETH) due to a signature verification flaw. The attacker bypassed guardian validations, minting unbacked wrapped ETH on Solana without depositing collateral on Ethereum. The hack was detected quickly, and Jump Crypto replenished the funds. It exposed risks in cross-chain bridges, where unbacked tokens could destabilize ecosystems.

Nomad Bridge Hack

Nomad Bridge was drained of $190 million on August 1, 2022, in a chaotic "permissionless" hack. A routine upgrade marked a zero hash as trusted, allowing anyone to spoof messages and withdraw funds without verification. Hundreds of copycats joined, turning it into a crowd-looting event. About 20% of funds were returned by white hats, but most were lost. This exposed dangers in proxy upgrades and message proving.

Euler Finance Hack

Euler Finance lost $197 million on March 13, 2023, in a flash loan attack exploiting a solvency bypass in its eToken donateToReserves function. The hacker borrowed massively, donated collateral to trigger under-collateralization, and self-liquidated for profit. Linked to North Korea's Lazarus Group, most funds were returned after negotiations, with the hacker apologizing.

Multichain Hack

Multichain bridges were exploited for $126 million on July 6, 2023, with unauthorized outflows from Fantom, Moonriver, and Dogecoin bridges. Suspected as an inside job or rug pull due to the CEO's disappearance and technical issues, hackers likely compromised admin keys. This led to halted services and suspicions of North Korean involvement.

DMM Bitcoin Hack

DMM Bitcoin, a Japanese exchange, lost $305 million (4,502.9 BTC) on May 31, 2024, due to a private key leak. Hackers, linked to North Korea's TraderTraitor, manipulated transactions via social engineering and impersonation. The exchange shut down, transferring assets to SBI VC Trade.

ByBit Hack

In February 2025, Bybit lost $1.4 billion in ETH due to a malware injection in its Safe{Wallet} UI, compromising the signing process. Linked to North Korea's TraderTraitor, hackers tampered with JavaScript to approve malicious transfers. Funds were laundered via mixers and DEXs.

Abracadabra Hack

Abracadabra lost $1.8 million on October 4, 2025, via a logic flaw in its Cauldron V4 cook() function, allowing uncollateralized MIM borrows. The attacker reset validation flags, repeating a fork's earlier flaw. Funds were laundered via Tornado Cash, no user impact after DAO mitigation.

These hacks often exploit vulnerabilities in smart contracts, bridges or oracles (price feeds). Many are "drains," where funds are siphoned from liquidity pools due to code errors or key compromises.

Top-10 Tips How to Secure Your Funds

To minimize risks, DeFi users should follow basic security rules. Here are the top-5 tips, based on expert recommendations (e.g., from Halborn and OWASP). These tips are aimed at individual users, not protocol developers.

1. Store private keys offline (e.g., Ledger or Trezor). This protects against online attacks like phishing or computer compromise.
2. Many hacks exploit unlimited token spend approvals. Use revoke.cash for revoking signatures and approvals after interacting with protocols, to cancel unnecessary permissions and reduce risks from malicious dApps.
3. Before investing, verify if the protocol has been audited by reputable firms (e.g., Certik or PeckShield). Avoid new projects without history.
4. Use 2FA on all accounts, and monitoring tools like Wallet Guard or Forta to detect suspicious transactions in real time.
5. Don’t keep all funds in one protocol. For large amounts, use multi-signature wallets requiring multiple confirmations for transactions.
6. Always verify URLs before connecting wallets, use bookmarks for trusted sites, and avoid clicking suspicious links in emails or social media.
7. Regularly update your wallet apps, browsers, and operating systems to patch known vulnerabilities that could be exploited.
8. Consider protocols like Nexus Mutual or Unslashed to insure your deposits against hacks or smart contract failures.
9. Use secure, private networks or a VPN to prevent man-in-the-middle attacks when interacting with DeFi.
10. Learn to spot common threats like rug pulls, honeypots, or fake airdrops through resources like crypto security blogs or communities.

DeFi is a powerful tool, but security depends on you. By studying past hacks, we can avoid repeating mistakes. If you're a developer, add regular audits and monitoring. For users, follow the tips above, and your funds will be safer.