Back

DeFi Lending Hacks Result in Minimal Losses Amid Security Concerns

Severity: Low (Score: 39.9)

Sources: Beincrypto, Techflowpost

Published: 2026-05-18 · Updated: 2026-05-19

Keywords: defi, data, lending, markets, annualized, loss, rate

Severity indicators: rat

Summary

Over the past year, DeFi lending markets on EVM chains and Solana experienced hack losses of approximately $3 for every $10,000 deposited, translating to a loss rate of 3 basis points of Total Value Locked (TVL). This figure, derived from DefiLlama data, excludes incidents related to cross-chain bridges. The total realized hack losses amounted to $30.9 million against an average TVL of $99.6 billion. Despite the losses, the risk of hacking in DeFi lending is comparable to the annual risk of dying from a slip-and-fall accident. Cumulative losses across all DeFi protocols reached $7.75 billion, with $4.52 billion attributed to non-bridge incidents. The data indicates that while larger hacks can skew perceptions, most incidents are smaller and affect specific components rather than entire protocols. Builders are focusing on leaner code to enhance security, and recoveries from hacks have mitigated overall losses significantly. Key Points: • DeFi lending markets suffered losses of $3 per $10,000 deposited over the last year. • Total hack losses in DeFi reached $7.75 billion, with $4.52 billion from non-bridge incidents. • The risk of hacking in DeFi lending is comparable to the risk of slip-and-fall accidents.

Detailed Analysis

**Impact** DeFi lending markets on Ethereum Virtual Machine (EVM) chains and Solana experienced losses totaling approximately $30.9 million over the past 12 months, representing an annualized loss rate of about 0.03% of total value locked (TVL), or $3 lost per $10,000 deposited. Cumulative losses across all DeFi protocols amount to $7.75 billion historically, with $4.52 billion excluding cross-chain bridge incidents. Lending protocols face the highest frequency of attacks due to large asset volumes held in smart contracts, affecting global decentralized finance participants and investors. **Technical Details** Attacks primarily exploited vulnerabilities in lending protocol smart contracts, including collateral management and liquidation logic, with no specific CVEs or malware detailed. The majority of incidents targeted isolated components within protocols rather than entire platforms, with large-scale thefts skewing loss distribution. Attackers used flash loan exploits and other DeFi-specific techniques, as seen in the 2023 Euler incident. No specific IOCs or infrastructure details were provided. **Recommended Response** Defenders should prioritize comprehensive code audits, implement real-time network-wide risk monitoring, and adopt leaner, minimalistic smart contract code to reduce attack surfaces. Spreading capital across multiple lending protocols can mitigate concentration risk. Monitoring for unusual transaction patterns and flash loan activities is advised. No specific patches or IOCs were identified for immediate blocking.

Source articles (2)

  • Annualized loss rate merely 0.03%: A data — Techflowpost · 2026-05-18
    Every disruptive fintech innovation inevitably undergoes growing pains—and decentralized finance (DeFi) is no exception. Early lending markets launched rapidly and scaled aggressively; the industry th…
  • DeFi Lending Hacks Cost $3 Per $10,000 of TVL, Data Shows — Beincrypto · 2026-05-17
    Lenders parking funds in DeFi borrowing markets on Ethereum Virtual Machine (EVM) chains and Solana lost roughly $3 for every $10,000 deposited over the past 12 months, putting realized hack losses at…

Timeline

  • 2026-05-16 — DeFi hack loss data reported: DefiLlama reported a loss of $30.9 million from lending exploits against an average TVL of $99.6 billion.
  • 2026-05-17 — Hack loss figures analyzed: Keyring Network founder Alex McFarlane detailed the annualized hack loss rate for DeFi lending markets.
  • 2026-05-18 — Annualized loss rate reported: Techflowpost reported an annualized loss rate of 0.03% for DeFi lending protocols excluding bridge incidents.

Related entities

  • Data Breach (Attack Type)
  • Phishing (Attack Type)
  • Bybit (Company)
  • Euler (Company)
  • Euler Finance (Company)
  • Kelp DAO (Company)
  • Drift (Campaign)
  • T1566 - Phishing (Mitre Attack)
  • Ethereum Virtual Machine (Platform)
  • Solana (Platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed