
🔐 Biggest DeFi & Crypto Protocol Hacks in History

Over the years, the DeFi ecosystem has experienced some of the most audacious smart contract exploits and bridge hacks on record. These events highlight the importance of security, trust minimization, and risk management for liquidity providers.

Understanding what's been exploited and why helps inform your risk strategy. Learn from history to protect your future positions.

Monitor Ongoing Exploits

Stay informed about the latest DeFi exploits, hacks, and scams by monitoring Web3 is Going Just Great, a comprehensive timeline that tracks exploits, rug pulls, and failures across the entire crypto ecosystem in real time. It's an invaluable resource for understanding the current threat landscape and making informed decisions about where to provide liquidity.

Top DeFi Hacks & Exploits

Based on data from Web3 is Going Just Great, here are the largest actual hacks and exploits (excluding collapses, bankruptcies, and exit scams):

🥇 Bybit Exchange – ~$1.5B (February 2025)

The largest crypto hack ever recorded. Stolen from cold wallets via a phishing exploit.

What happened: Attackers used phishing to gain access to exchange cold wallets, draining $1.5 billion in user funds. Only $42.89 million was recovered.

Lesson: Centralized exchanges face different risks than DeFi protocols, but the losses can be orders of magnitude larger. Custody risk is real: even "cold" wallets can be compromised.

🥈 Axie Infinity / Ronin Bridge – ~$625M (March 2022)

Hackers compromised validator keys on the Ronin sidechain, stealing 173,600 ETH and 25M USDC, totaling over $600M. Only $5.7 million was recovered.

What happened: Attackers gained control of validator keys, allowing them to approve fraudulent withdrawals from the Ronin bridge.

Lesson: Bridge security is critical. Cross-chain bridges are among the most vulnerable targets in DeFi. Validator key security is paramount.

🥉 Poly Network Exploit – ~$611M (August 2021)

A cross-chain bug allowed hackers to drain funds across Ethereum, BSC, and Polygon. All assets were later returned, as the hacker deemed it a "white hat" challenge.

What happened: A vulnerability in the cross-chain protocol allowed the attacker to withdraw funds without proper authorization.

Lesson: Even protocols with good intentions can have critical bugs. The "white hat" return was unusual; most exploits don't end this way. This could have been catastrophic if the funds weren't returned.

4th: Binance Bridge Hack – ~$586M (October 2022)

The Binance Smart Chain bridge was exploited, with $430 million recovered.

What happened: Attackers exploited a vulnerability in the BSC bridge, allowing them to mint tokens without proper backing.

Lesson: Even the largest exchanges and their infrastructure can be vulnerable. Bridge protocols remain high-risk targets.

5th: FTX Hack – ~$477M (November 2022)

Occurred during FTX's collapse, with funds stolen from the exchange.

What happened: Attackers exploited FTX during its bankruptcy filing, stealing funds from the exchange's wallets.

Lesson: Exchange collapses create additional attack vectors. Chaos and confusion during failures can enable additional exploits.

6th: Wormhole Bridge Hack – ~$320M (February 2022)

A bridge vulnerability enabled attackers to mint 120,000 wETH without backing, draining $320M in wrapped ETH. $140 million was recovered.

What happened: A bug in the Wormhole bridge allowed attackers to mint wrapped tokens without depositing the underlying assets.

Lesson: Bridge protocols are high-risk targets. The complexity of cross-chain systems creates many attack vectors. Recovery is possible but not guaranteed.

Other Major DeFi Exploits

Balancer – ~$110M (November 2025)

Drained via faulty access control in the "manageUserBalance" function. This was Balancer's third security breach (following incidents in 2021 and 2023), demonstrating that even extensively audited protocols can be exploited.

What happened: A vulnerability in access control allowed unauthorized users to manipulate user balances and drain funds.

Lesson: Even the most established protocols can be repeatedly exploited. Audits don't guarantee security. Read more about the Balancer exploit.

Nomad Bridge – ~$190M (August 2022)

Stolen through a duplicate withdrawal exploit due to misconfiguration.

What happened: A configuration error allowed users to withdraw more funds than they deposited by submitting duplicate transactions.

Lesson: Simple configuration errors can lead to massive losses. Always verify protocol configurations and security settings.

Beanstalk Farms – ~$182M (April 2022)

Lost via a flash loan-based governance hack that yielded the attacker control of funds.

What happened: Attackers used flash loans to gain majority voting power in governance, then voted to drain the protocol's funds.

Lesson: Governance attacks are a real threat. Protocols with low token distribution or weak governance can be vulnerable to flash loan attacks.

Euler Finance – ~$197M (March 2023)

Drained using a logic flaw in deposit validation. Hackers returned some funds days later.

What happened: A vulnerability in the deposit validation logic allowed attackers to drain funds by exploiting the protocol's lending mechanism.

Lesson: Even well-audited protocols can have critical bugs. The partial return of funds was unusual but doesn't change the severity of the exploit.

Truebit – ~$26.4M (January 2026)

Exploited via a bug in an older contract (deployed in 2021) that allowed price calculation overflow, enabling attackers to mint large amounts of TRU tokens for next to nothing.

What happened: An integer overflow bug in the price calculation allowed attackers to mint massive amounts of tokens at minimal cost.

Lesson: Older contracts aren't necessarily safer. Legacy code can have vulnerabilities that weren't discovered until later.

Yearn Finance – Multiple Exploits

Yearn has been exploited four times:

  • 2021: $11 million
  • 2023: $11 million
  • November 2025: $6.6 million (infinite mint exploit)
  • December 2025: $300,000 (legacy contract exploit)

Lesson: Even battle-tested protocols with strong security practices can be repeatedly exploited. Past security doesn't guarantee future safety.

Ribbon Finance – ~$2.7M (December 2025)

Exploited via oracle price manipulation in legacy Ribbon vaults, allowing attackers to withdraw large amounts of ETH and USDC.

What happened: Attackers manipulated oracle prices to withdraw more funds than they should have been able to.

Lesson: Oracle manipulation is a common attack vector. Protocols relying on external price feeds are vulnerable.
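A toy model of why a single-block spot price is easy to push around, added here as an example and not code from the original page or from Ribbon Finance: a constant-product ETH/USDC pool, one large buy inside a block, and the price a vault would read from the spot quote versus a time-weighted average (TWAP) over the preceding blocks. Pool reserves, the window length and the trade size are all constructed.

```python
class ConstantProductPool:
    """x * y = k pool holding ETH and USDC; fees omitted to keep the maths visible."""
    def __init__(self, eth_reserve, usdc_reserve):
        self.eth, self.usdc = eth_reserve, usdc_reserve

    def spot_price(self):  # USDC per ETH implied by the current reserves
        return self.usdc / self.eth

    def buy_eth(self, usdc_in):
        """Swap USDC in for ETH out; returns ETH received. Pushes the spot price up."""
        k = self.eth * self.usdc
        self.usdc += usdc_in
        eth_out = self.eth - k / self.usdc
        self.eth -= eth_out
        return eth_out

    def sell_eth(self, eth_in):
        """Swap ETH in for USDC out; returns USDC received. Unwinds the move."""
        k = self.eth * self.usdc
        self.eth += eth_in
        usdc_out = self.usdc - k / self.eth
        self.usdc -= usdc_out
        return usdc_out

class TwapOracle:
    """Keeps the last `window` per-block prices and reports their average."""
    def __init__(self, window_blocks):
        self.window, self.observations = window_blocks, []

    def record(self, price):
        self.observations = (self.observations + [price])[-self.window:]

    def twap(self):
        return sum(self.observations) / len(self.observations)

def simulate(window_blocks=30, attack_usdc=5_000_000):
    """Returns (spot, twap) as read in the block where the manipulation happens."""
    pool = ConstantProductPool(1_000, 2_000_000)  # constructed: 1,000 ETH at $2,000
    oracle = TwapOracle(window_blocks)
    for _ in range(window_blocks):          # quiet blocks with no trading
        oracle.record(pool.spot_price())
    eth_bought = pool.buy_eth(attack_usdc)  # one large buy distorts the reserves
    spot = pool.spot_price()                # what a spot-price vault would read now
    oracle.record(spot)
    twap = oracle.twap()                    # what a TWAP vault would read now
    pool.sell_eth(eth_bought)               # trade unwound before the block ends
    return spot, twap
```

With these numbers the spot reading is inflated more than 12x while the 30-block TWAP moves by under 40%, and holding the distortion for more blocks costs the manipulator real capital. A longer window, or an aggregated feed that does not read from a single pool, raises that cost further.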

Historic Crypto Platform Hacks (Beyond DeFi)

Bybit Exchange – ~$1.5B (February 2025)

Stolen through a cold-wallet phishing exploit; the largest crypto heist ever recorded.

What happened: Attackers used phishing to gain access to exchange cold wallets, draining $1.5 billion in user funds.

Lesson: Centralized exchanges face different risks than DeFi protocols, but the losses can be orders of magnitude larger. Custody risk is real.

Coincheck – ~$530M (January 2018)

NEM tokens stolen via a hot wallet breach.

What happened: The exchange kept funds in hot wallets (connected to the internet), making them vulnerable to hacking.

Lesson: Hot wallet security is critical. Exchanges should keep most funds in cold storage.

Mt. Gox – ~$473M (2011–2014)

BTC stolen during the collapse of what was once the world's largest Bitcoin exchange.

What happened: Multiple security failures and potential insider involvement led to the loss of hundreds of millions in Bitcoin.

Lesson: Even the largest platforms can fail catastrophically. This historic hack shaped early crypto security practices.

What These Exploits Teach Us

Cross-Chain Bridges Are High-Risk

Cross-chain bridges remain the most vulnerable targets in DeFi, accounting for several billion dollars in losses. The complexity of bridging assets across different blockchains creates many attack vectors.

Mitigation: Be especially cautious with bridge protocols. Consider using native assets on each chain rather than bridging when possible.

Flash Loans Can Be Weaponized

Flash loans and governance systems can be weaponized if permissioning logic is flawed. Attackers can borrow massive amounts, manipulate protocols, and return the loans, all in a single transaction.

Mitigation: Understand how protocols handle flash loans and governance. Protocols with low token distribution are especially vulnerable.
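The borrow-vote-drain-repay pattern behind the Beanstalk incident and this section, modelled as an added example (not code from the original page or from any protocol it names). A naive DAO counts current token balances and executes immediately; the hardened one weighs votes by a balance snapshot taken before the proposal and delays execution behind a timelock, so tokens that exist only for one transaction carry no weight and cannot be cashed out before repayment. Holders, balances and the quorum are constructed.

```python
QUORUM = 0.50  # fraction of total supply a proposal needs to pass (constructed)

class DAO:
    def __init__(self, balances, snapshot_voting, timelock_blocks):
        self.balances = dict(balances)          # holder -> tokens right now
        self.supply = sum(balances.values())
        self.snapshot_voting = snapshot_voting  # weigh votes by an earlier block?
        self.timelock = timelock_blocks         # blocks between passing and executing
        self.block = 0
        self.history = [dict(balances)]         # balances recorded at each block
        self.proposals = {}

    def next_block(self):
        self.block += 1
        self.history.append(dict(self.balances))

    def propose(self, pid):
        self.proposals[pid] = {"block": self.block, "votes": 0}

    def vote(self, pid, voter):
        p = self.proposals[pid]
        # Snapshot voting weighs a voter by their balance in the block *before* the
        # proposal, so tokens flash-borrowed in the proposal block carry no weight.
        ref = self.history[max(p["block"] - 1, 0)] if self.snapshot_voting else self.balances
        p["votes"] += ref.get(voter, 0)

    def execute(self, pid):
        p = self.proposals[pid]
        passed = p["votes"] >= QUORUM * self.supply
        matured = self.block >= p["block"] + self.timelock  # has the delay elapsed?
        return passed and matured

def flash_loan_takeover(dao, attacker, pool, loan):
    """Borrow from pool, propose, vote, try to execute, repay: all in one block.
    Returns True if the proposal executed while the borrowed tokens were held."""
    dao.balances[pool] -= loan
    dao.balances[attacker] = dao.balances.get(attacker, 0) + loan
    dao.propose("drain-treasury")
    dao.vote("drain-treasury", attacker)
    executed = dao.execute("drain-treasury")
    dao.balances[attacker] -= loan   # flash loan must be repaid before the block ends
    dao.balances[pool] += loan
    return executed

HOLDERS = {"alice": 300_000, "bob": 200_000, "mallory": 10_000, "lending_pool": 900_000}  # constructed

def run(snapshot_voting, timelock_blocks):
    dao = DAO(HOLDERS, snapshot_voting, timelock_blocks)
    dao.next_block()  # one honest block passes before the attack block
    return flash_loan_takeover(dao, "mallory", "lending_pool", 900_000)  # True = drained
```

Either control alone defeats the single-transaction version here; real deployments use both, because a timelock without snapshots still lets a borrower pass proposals if the loan can be rolled across blocks.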

Audits Don't Guarantee Security

Even extensively audited protocols can be hacked: Balancer (3 breaches: 2021, 2023, 2025), Euler, and Beanstalk all had audits and strong reputations before being exploited. Audits reduce risk but don't eliminate it.

Mitigation: Treat audits as one factor in your risk assessment, not a guarantee of safety.

Newer Protocols May Be Riskier

While established protocols have been battle-tested, they've also been exploited. Newer protocols may have even less testing, creating a catch-22 where you're choosing between "tested but exploited" and "new but untested."

Mitigation: Prefer established protocols with long track records, but remember they're not immune to exploits.

Centralized Exchanges Face Different Risks

CEXes face different risks (custody, phishing, insider access) compared to DeFi protocols, but the losses are often orders of magnitude larger. The Bybit hack shows that even large exchanges can be compromised.

Mitigation: Consider using DeFi protocols for better control over your assets, but understand the smart contract risks.

Using This to Inform Your Risk Strategy

If you're providing liquidity:

  • Stick with audited platforms and known protocols (e.g. Uniswap, Curve, Orca, Raydium), but remember that even these can be exploited, as demonstrated by Balancer's multiple breaches.

  • Be cautious around bridge protocols or nascent yield farms. Newer protocols may have even less testing than established ones.

  • Never overlook the importance of diversification and protocol risk limits. Don't put more than you can afford to lose in any single protocol.

  • Consider smart contract insurance for high-value positions through protocols like Nexus Mutual or InsurAce.

  • Monitor protocol security updates and incident reports regularly.

Pro tip: Break down your LP capital across platforms, chains, and asset types; don't put all your liquidity in one contract. Even if a protocol is "safe," smart contract risk is always present.

