DeFi Hack Analysis

If DeFi’s promise is trustless finance, its security record is a profound challenge to that promise. Since 2020, DeFi protocols have lost over $7 billion to hacks, exploits, and attacks — a number that dwarfs traditional finance fraud as a percentage of assets managed. Yet this record is not evidence that the technology is unfixable. Each major hack has revealed a specific, identifiable class of vulnerability; the security toolbox has evolved in response; and the protocols that survived learned from the protocols that didn’t. This entry systematically analyzes major DeFi hacks by attack vector, frequency, extractable lessons, and the emerging security infrastructure that aims to prevent recurrence.


Categories of DeFi Attacks


Category 1: Bridge Hacks (Largest Absolute Losses)

Bridges — protocols that move assets between blockchains — have proven the most dangerous single category of DeFi infrastructure:

Why bridges are high-value targets:

  • Bridges hold large reserves of assets on one chain as collateral for issued tokens on another
  • Many bridges rely on a “validator set” — a small number of validators who sign off on cross-chain messages
  • Compromising a majority of validators (or the keys themselves) allows arbitrary fund theft
  • The “concentration risk” of bridges: billions of dollars locked in one contract

Ronin Network — $625M (March 2022)

The largest DeFi hack to date:

Bridge structure: The Ronin bridge (used by Axie Infinity) required 5 of 9 validator signatures to authorize large withdrawals. Sky Mavis (Axie’s developer) controlled 4 validator nodes. The Axie DAO controlled 1 validator node that Sky Mavis had temporary access to during high transaction periods — and this temporary permission was never revoked.

Attack: North Korea’s Lazarus Group (attributed by FBI) gained access to 5 validator private keys via a spear-phishing attack targeting Sky Mavis employees through a fraudulent job offer. With 5-of-9 signatures available, Lazarus authorized fraudulent withdrawals of 173,600 ETH and 25.5M USDC — $625M at the time.

The discovery timing: The hack occurred March 23, 2022 but was not discovered until March 29 — 6 days later — when a user’s withdrawal failed. The bridge had been emptied for nearly a week before anyone noticed.

Lessons:

  • Multi-sig threshold concentration: Don’t let one entity control a majority of validators
  • Inactive permission sets must be actively revoked
  • Monitoring should alert to abnormal large withdrawals in real time
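
The first two lessons can be checked mechanically against a signer inventory. The sketch below is an added example, not code from Sky Mavis or any bridge project; the record layout, the day counters and the alert limit are assumptions, and the validator set is constructed to match the 5-of-9 arrangement described above.

```python
from collections import Counter
from dataclasses import dataclass, field

@dataclass
class Validator:
    key_id: str
    owner: str
    # Entities granted signing access to this key -> day the grant was last needed
    delegates: dict = field(default_factory=dict)

def effective_control(validators):
    """Count the keys each entity can sign with: owned keys plus delegated ones."""
    control = Counter()
    for v in validators:
        for entity in {v.owner, *v.delegates}:
            control[entity] += 1
    return control

def audit(validators, threshold, today, max_idle_days=30):
    """Flag entities that alone reach the signing threshold, and stale delegations."""
    findings = []
    for entity, n in sorted(effective_control(validators).items()):
        if n >= threshold:
            findings.append(f"QUORUM: {entity} can sign with {n} keys, threshold is {threshold}")
    for v in validators:
        for entity, last_used in sorted(v.delegates.items()):
            idle = today - last_used
            if idle > max_idle_days:
                findings.append(f"STALE: {entity} still has access to {v.key_id} ({idle} days idle)")
    return findings

def withdrawal_alerts(withdrawals, limit):
    """Return the ids of withdrawals (tx_id, amount) at or above the alert limit."""
    return [tx for tx, amount in withdrawals if amount >= limit]

# Constructed inventory: 4 keys owned by one entity plus 1 delegated key, 9 keys in total
VALIDATORS = [Validator(f"sm-{i}", "Sky Mavis") for i in range(1, 5)]
VALIDATORS.append(Validator("dao-1", "Axie DAO", delegates={"Sky Mavis": 10}))
VALIDATORS += [Validator(f"ext-{i}", f"Operator {i}") for i in range(1, 5)]

if __name__ == "__main__":
    for line in audit(VALIDATORS, threshold=5, today=120):
        print(line)
    print(withdrawal_alerts([("tx-a", 12.0), ("tx-b", 173600.0)], limit=10000.0))
```

Counting delegated access toward an entity's total is the point: ownership alone shows 4 of 9, while effective control shows 5 of 9.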

Wormhole — $320M (February 2022)

Bridge structure: Wormhole is a message-passing protocol; on Solana, a “guardian” network of validators confirms cross-chain messages. A Solana smart contract (the Solana program) verifies guardian signatures before minting wTokens.

Attack: The attacker found a vulnerability in the Solana program where a previously-deprecated function for verifying guardian signatures (“verify_signatures” vs. “verify_signed_transfer_instruction”) was still callable. By calling the old function path, the attacker created a spoofed “SignatureSet” account that appeared valid to the main contract but had not been validated by any guardians, then used this to mint 120,000 wETH (Wrapped Ethereum) with no real ETH backing.

Response: Jump Crypto (Wormhole’s main backer) replenished the 120,000 ETH within 24 hours to make users whole — an extraordinary intervention by a private backer that set a notable precedent.

Lessons:

  • Deprecated code must be removed, not just deprecated
  • Every code path that can create privileged state must be verified
  • Program upgrade authority creates a centralization risk (it allowed Jump to replenish the funds, but it is also a vulnerability)

Nomad — $190M (August 2022)

Attack type: Often called a “copy-paste hack” — the first exploiter found a vulnerability, then hundreds of others copied the exploit transaction, modifying only the recipient address. The message verification contract had been updated with a bug that treated any Merkle root of 0x0 as valid, allowing messages to be replayed without proper validation.

Unique characteristic: Unlike most bridge hacks, this was not targeted by a single sophisticated attacker. Once the first exploit transaction was visible on-chain, copycat exploiters simply substituted their own addresses into the same transaction pattern. This created a chaotic “free for all” where even unsophisticated actors drained funds.

Lessons:

  • Critical contracts require multiple independent audits before upgrade changes
  • Some “white hat” rescuers actually kept funds rather than returning them — the “rescue” ambiguity problem
  • Upgrade mechanisms without timelocks (allowing immediate deployment) are dangerous

Multichain/Anyswap — $126M (July 2023)

Circumstances: CEO Zhaojun He was reportedly detained by Chinese police in May 2023. By July 2023, $126M of assets began moving from Multichain bridge contracts to unknown wallets. Multichain’s team cited inability to reach the CEO, who held sole control of server keys. Whether this was an external hack of keys held by the detained CEO or an insider/nation-state action remains unclear.

Lessons:

  • Single point of failure in key management is existential risk
  • Decentralization of key management is not optional for production-scale bridges

Category 2: Flash Loan Attacks (Leverage Without Capital)

Flash loans — uncollateralized loans that must be repaid within a single transaction — enable attackers to access enormous capital for a single block to exploit price sensitivities.

Harvest Finance — $34M (October 2020)

Mechanism:

  1. Attacker borrows $50M USDC via flash loan
  2. Pumps USDC price in Curve’s yPool (Harvest uses Curve for its pricing)
  3. Deposits into Harvest at the manipulated high USDC valuations (receives more than fair share of Harvest shares)
  4. Curve price returns to normal
  5. Redeems Harvest shares for underlying USDC at normal price → profit
  6. Repays flash loan

Why it worked: Harvest used a “spot” price oracle (current pool reserves) rather than a time-weighted average price (TWAP) oracle. Spot prices can be manipulated within a single block; TWAP requires sustained large price impact over many blocks.

Lessons:

  • All price-sensitive operations must use TWAP oracles, not spot prices
  • The Harvest hack standardized “use TWAP” as a DeFi security principle across the industry
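
The difference between the two oracle types, as an added example (not Harvest's or Curve's code). The feed values, window length and deviation limit are constructed assumptions; the price is modelled as a plain series of per-block samples rather than Curve's pool math.

```python
def twap(samples, now, window):
    """Time-weighted average price over the last `window` blocks.

    samples: [(block, price), ...] in block order; each price holds until
    the next sample, and the last one holds until `now`.
    """
    start = now - window
    if not samples or samples[0][0] > start:
        raise ValueError("not enough price history for this window")
    total = 0.0
    ends = [block for block, _ in samples[1:]] + [now]
    for (block, price), end in zip(samples, ends):
        lo, hi = max(block, start), min(end, now)
        if hi > lo:
            total += price * (hi - lo)
    return total / window

def deposit_price(samples, now, window=30, max_deviation=0.02):
    """Price used to value a deposit: the TWAP, refused if spot has run away from it."""
    spot = samples[-1][1]
    average = twap(samples, now, window)
    if abs(spot - average) / average > max_deviation:
        raise ValueError(f"spot {spot:.4f} deviates from TWAP {average:.4f}")
    return average

# Constructed feed: price steady at 1.00, then pushed to 1.30 for a single block
FEED = [(100, 1.00), (129, 1.30)]
NOW = 130
DEPOSIT = 1_000_000

def credited(price):
    """Value the vault would credit for DEPOSIT units at the given price."""
    return DEPOSIT * price

if __name__ == "__main__":
    print("valued at spot:", credited(FEED[-1][1]))
    print("valued at TWAP:", credited(twap(FEED, NOW, 30)))
    try:
        deposit_price(FEED, NOW)
    except ValueError as err:
        print("deposit refused:", err)
```

A one-block move of 30% shifts the 30-block average by only 1%, and the deviation check turns the remaining gap into a refusal rather than a mispriced deposit.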

bZx — $1M + $600K (February 2020)

The first major flash loan attacks — two attacks within a week demonstrated the flash loan pattern before it was well understood. The second attack (March 2020) expanded to $8M, setting a template for attacks through that year.

Category 3: Oracle Manipulation

Related to but distinct from flash loan attacks, oracle manipulation attacks target price feeds directly rather than working through liquidity mechanics.

Cream Finance — Multiple Attacks (2021)

Cream Finance suffered three significant exploits totaling $180M+ in 2021:

August 2021 ($29M): AMP token’s ERC-777 callback vulnerability. ERC-777 adds “hooks” called on transfer; Cream’s collateral accounting failed to account for reentrancy during the AMP token transfer, allowing attackers to double-borrow against the same collateral.

October 2021 ($130M): Complex flash loan attack creating artificial demand for yUSD (Yearn’s token) to manipulate its price oracle, then using manipulated prices to borrow against overstated collateral.

Lessons: ERC-777 tokens require explicit reentrancy protection in lending protocol integrations.

Euler Finance — $197M (March 2023)

Background: Euler Finance was a well-audited lending protocol (6 audits from major firms). The exploit leveraged the donate() function — a function designed to allow users to donate to the protocol’s reserve.

Mechanism:

  1. Attacker takes a flash loan
  2. Deposits tokens into Euler and mints “eTokens” (collateral receipt tokens)
  3. Uses a second Euler operation to borrow more than should be possible, exploiting the donate() function, which donated to the reserve but also shifted the attacker’s “soft liquidation” trigger price in the attacker’s favor
  4. Forces a sequence in which an internal accounting inconsistency allows withdrawal of more than was deposited

White hat ending: After international media attention and blockchain correspondence with the Euler team, the attacker returned the $197M approximately 2 weeks after the hack — one of the largest voluntary returns in DeFi history. The attacker’s motive remains unclear; theories include that Lazarus Group was involved but the attention became too high.

Lessons:

  • Audit count does not equal security — 6 audits missed this vulnerability
  • Formal verification (mathematical proof of correctness) is the frontier beyond traditional auditing
  • donate() functions and similar reserve manipulation functions require specific threat modeling

Category 4: Governance Attacks

Beanstalk — $182M (April 2022)

The clever mechanism:

  1. Beanstalk used a governance model where proposals could be executed in the same transaction as their proposal vote, with immediate execution if quorum was reached
  2. Attacker constructed a governance proposal (BIP-18) and executed the following in one atomic transaction:
    • Take flash loan of ~1 billion worth of governance tokens (BEAN)
    • Vote on attacker’s own malicious proposal with the flash-loaned tokens
    • Reach the required quorum (67%)
    • Execute the proposal (which transferred the protocol’s ~$182M to the attacker)
    • Repay the flash loan
  3. The entire attack happened in one transaction — no waiting period or timelock

Why it worked: Beanstalk’s governance had no flash loan protection (voting should require tokens to be held across multiple blocks), no minimum proposal duration, and no timelock before execution. Flash-loaned governance tokens could vote and execute in the same transaction.

Lessons:

  • Governance timelocks (minimum 24–72 hours between proposal and execution) are mandatory
  • Snapshot governance (vote weight counted at a past block, not current) prevents flash loan voting
  • Governance emergency shutdowns require multisigs not governance votes
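
Snapshot voting and a timelock together, as an added example (not Beanstalk's code or any governance framework's API). The SnapshotGovernor class, the holder names and the balances are constructed; the 7,200-block timelock assumes 12-second blocks, which is about 24 hours.

```python
from bisect import bisect_right

class SnapshotGovernor:
    def __init__(self, quorum=0.67, timelock_blocks=7200):
        self.quorum, self.timelock = quorum, timelock_blocks
        self.history = {}    # holder -> ([blocks], [balances]) checkpoints
        self.proposals = {}

    def set_balance(self, holder, block, balance):
        blocks, balances = self.history.setdefault(holder, ([], []))
        blocks.append(block)
        balances.append(balance)

    def balance_at(self, holder, block):
        blocks, balances = self.history.get(holder, ([], []))
        i = bisect_right(blocks, block)
        return balances[i - 1] if i else 0

    def propose(self, pid, block):
        snapshot = block - 1   # weights are fixed before the proposal exists
        supply = sum(self.balance_at(h, snapshot) for h in self.history)
        self.proposals[pid] = dict(created=block, snapshot=snapshot,
                                   supply=supply, votes=0, voted=set())

    def vote(self, pid, voter):
        p = self.proposals[pid]
        if voter in p["voted"]:
            return 0
        p["voted"].add(voter)
        weight = self.balance_at(voter, p["snapshot"])
        p["votes"] += weight
        return weight

    def can_execute(self, pid, block):
        p = self.proposals[pid]
        if block < p["created"] + self.timelock:
            return False, "timelock"
        if not p["supply"] or p["votes"] / p["supply"] < self.quorum:
            return False, "quorum"
        return True, "ok"

def flash_loan_scenario():
    """Constructed balances: 700 of 1,000 tokens are borrowed at block 1000."""
    gov = SnapshotGovernor()
    for holder, balance in [("lender", 700), ("alice", 200), ("bob", 100)]:
        gov.set_balance(holder, 1, balance)
    gov.set_balance("lender", 1000, 0)
    gov.set_balance("borrower", 1000, 700)
    gov.propose("p1", 1000)
    weight = gov.vote("p1", "borrower")
    return gov, weight, gov.can_execute("p1", 1000), gov.can_execute("p1", 8200)
```

Tokens acquired in the proposal's own block carry zero weight at the snapshot, and even a proposal that does reach quorum cannot execute until the timelock has elapsed.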

North Korea’s Lazarus Group: State-Sponsored DeFi Crime

Scale: The UN Panel of Experts documented that North Korea’s Lazarus Group stole approximately $1.7 billion in cryptocurrency in 2022 alone, funding North Korea’s missile program.

Tactics:

  • Spear phishing via LinkedIn: Fake job recruiters approach crypto developers and executives with sophisticated decoy job offers. Files sent during the “recruitment” process contain malware (typically RAT — Remote Access Trojan). One documented case: a senior engineer received a “skills assessment” PDF that installed malware and ultimately gave Lazarus access to the Ronin bridge validator keys.
  • Social engineering patterns: Target high-value employees at bridges and DeFi protocols specifically
  • Extended dwell time: After initial access, Lazarus often waits weeks or months to avoid detection before executing the exploit
  • OFAC-sanctioned wallets: U.S. Treasury has sanctioned specific ETH/BTC wallets linked to Lazarus; compliant exchanges must block these addresses

Post-theft laundering:

  1. Initial funds moved through hundreds of intermediary wallets
  2. Converted to BTC via cross-chain bridges
  3. BTC sent through mixing services (Tornado Cash was heavily used before OFAC sanctions; Railgun used post-2022)
  4. Eventually laundered through non-KYC exchanges in specific jurisdictions

Tracking resources: Chainalysis publishes detailed Lazarus attribution reports; TRM Labs provides real-time sanctions screening.


Post-Hack Response Patterns


The “White Hat” Scenario

  • Euler Finance: $197M returned (March 2023)
  • Poly Network: $611M returned (August 2021) — attacker returned everything, reportedly had philosophical motivations
  • Some Nomad “white hats” returned funds; others kept them

Bug bounty mechanics: Wormhole has an active $2.5M bug bounty. Immunefi is the dominant DeFi bug bounty platform with $100M+ paid to date.

The “Contact Attacker On-Chain” Protocol

After a hack, protocols routinely send on-chain messages to the attacker’s address offering:

  • 10% white hat bounty (keep 10%, return 90%)
  • No legal action if funds returned within 24–48 hours

This has worked in multiple cases (Euler being largest). The calculus for the attacker: keeping $197M means constant surveillance from Chainalysis, FBI, and international law enforcement; accepting $20M via a legal white hat bounty is a much cleaner exit.


The DeFi Security Infrastructure


Auditing Firms

  • Trail of Bits: Known for deep technical analysis; formal verification capabilities
  • OpenZeppelin: Maintains widely-used security standards and audits
  • Certik: High volume, controversial after multiple audited protocols were later exploited
  • ChainSecurity / PeckShield / Halborn: Mid-tier auditors

Limitation: Audits are point-in-time. Upgrades, new integrations, and emergent interactions with other protocols create post-audit vulnerabilities.

Formal Verification

Bug Bounties (Immunefi)

  • MakerDAO: $10M
  • Chainlink: $5M
  • Polygon: $2M

Over $100M paid across >1,500 bug reports as of 2024.

Real-Time Monitoring

  • OpenZeppelin Defender: Smart contract operations platform with automatic pause functionality
  • Gauntlet: Risk modeling for DeFi protocols (e.g., Aave uses Gauntlet to set collateral parameters)

How Total Loss Breaks Down

Approximate total DeFi losses 2020–2024: $7B+ (varies by source methodology)

By category:

Category                             Approximate %   Largest Single
Bridge hacks                         ~45%            Ronin $625M
Wallet/key compromise                ~20%            Multichain $126M
Flash loan / Oracle                  ~15%            Euler $197M
Governance attacks                   ~5%             Beanstalk $182M
Rug pulls (categorized separately)   ~15%            Various

By platform:

  • Ethereum ecosystem: ~70% of losses (most protocols, most value)
  • BSC/BNB Chain: significant rug pull exposure
  • Solana: lower absolute losses but several notable incidents (Wormhole bridges Solana and Ethereum)

