More than $284 million has been lost as a result of DeFi hacks since 2019, according to research by Messari.
The crypto research provider says that the average amount stolen in these incidents amounts to $11.9 million.
Flash loan attacks, flaws in smart contracts, exit scams and the manipulation of price oracles were the most common vulnerabilities.
Messari’s data also shows that such incidents tend to cause dramatic declines in the total value locked on affected protocols.
When Pickle Finance suffered a smart contract flaw in November 2020, TVL tumbled by a whopping 81% in 24 hours. More recently, Cream Finance’s TVL fell by 71% over the same period, following on from a flash loan attack on February 13.
In some cases, total value locked never ends up recovering fully. Pickle Finance’s TVL remains 73% below the level it was before the hack.
What Can Be Done?
Some of the biggest names in the DeFi space — including Maker, Synthetix, Balancer, SushiSwap and Yearn Finance — are among those that appear on the list of exploits.
The data spans from July 2019 up until February 2021, which is when DeFi experienced “its largest exploit ever,” with Alpha Homora losing $37.5 million.
Messari has warned that, at present, the decentralized finance industry “only covers a fraction of TVL in DeFi” — means more needs to be done to protect protocols, not to mention the investors who use them on a daily basis.
Back in February, its analysts wrote:
“DeFi is not for the faint-hearted. The sector is increasingly resilient to attacks but the blistering pace at which the sector develops necessitates growing pains. There’s work being done to contain the reputational damage posed by attacks and the losses by users.”