Back

New Systemic Risks in DeFi Exploits Affecting Multiple Chains

Severity: Medium (Score: 51.9)

Sources: Cryptorank, cryptoslate.com, Cryptoslate

Published: 2026-06-07 · Updated: 2026-06-07

Keywords: defi, losses, million, hack, vectors, fading, risk

Summary

Decentralized finance (DeFi) has seen a significant reduction in losses, dropping from $2.62 billion in 2022 to $534 million by 2024. However, new vulnerabilities have emerged due to multi-chain deployments, where a single flaw can impact multiple networks simultaneously. A notable incident occurred in November 2025, when Balancer's V2 Composable Stable Pools lost approximately $128 million across six blockchains due to an arithmetic precision flaw. This vulnerability was undetected by eleven audits, highlighting the subtlety of modern exploits. While the median loss per incident has decreased from $6 million in 2022 to $1.5 million in 2025, the number of unique incidents rose to 83 in 2025, indicating more frequent but less damaging attacks. Bespoke protocol logic exploits now account for 89.1% of DeFi losses, showcasing the evolving threat landscape. Key Points: • DeFi losses decreased from $2.62 billion in 2022 to $534 million in 2024. • A single code flaw can drain funds across multiple chains simultaneously. • Bespoke protocol logic exploits constituted 89.1% of DeFi losses in 2025.

Detailed Analysis

**Impact** DeFi protocols across six major blockchains—Ethereum, Base, Arbitrum, Polygon, OP Mainnet, and Sonic—are affected by systemic risks due to shared code vulnerabilities. Industry-wide losses peaked at $2.62 billion in 2022 and declined by 80% to $534 million in 2024, with median loss per incident dropping from $6 million in 2022 to $1.5 million in 2025. Despite fewer high-value exploits, the number of unique incidents rose to 83 in 2025. The November 2025 Balancer V2 exploit resulted in a simultaneous $128 million drain across six chains, demonstrating cross-chain amplification of a single flaw. **Technical Details** The primary attack vector exploited an arithmetic precision flaw in Balancer’s V2 Composable Stable Pools’ invariant math, causing rounding errors that compounded through chained batched swaps. This vulnerability was embedded in identical smart contract code deployed on all six blockchains, enabling simultaneous multi-chain exploitation. Eleven separate audits failed to detect the flaw. No specific CVEs or malware/tools were mentioned. The attack exploited protocol logic at the code level during the execution phase of the kill chain. **Recommended Response** Urgently review and patch arithmetic precision and rounding logic in multi-chain deployed smart contracts, especially those using composable stable pools or similar invariant math. Enhance audit processes to include checks for subtle rounding and precision errors. Deploy monitoring for unusual batched swap patterns and cross-chain transaction anomalies. Maintain vigilance on protocol logic exploits and track emerging indicators of compromise related to multi-chain exploit attempts.

Source articles (3)

  • DeFi's old hack vectors are fading - But the new risk can hit six chains at once — Cryptoslate · 2026-06-07
    Decentralized finance has gotten a lot safer over the past six years, and a new review of protocol losses from 2020 through 2025 puts a pretty large number behind that claim. Industry-wide DeFi losses…
  • DeFi's old hack vectors are fading – But the new risk can hit six chains at once — Cryptorank · 2026-06-07
    DeFi protocol losses peaked at $2.62 billion in 2022 and fell roughly 80% to $534 million by 2024, with median loss per incident down from $6 million in 2022 to $1.5 million in 2025 while unique incid…
  • Axie Infinity Ronin Bridge Hacker Has Already Moved 38293 Eth 114 8 Million — cryptoslate.com · 2026-06-07
    Hackers who stole over $615 million in the Ronin Network exploit have already moved over $114 million worth of Ethereum. Cover art/illustration via CryptoSlate. Image includes combined content which m…

Timeline

  • 2022-01-01 — DeFi losses peak at $2.62 billion: Industry-wide losses reached a record high, primarily due to bridge hacks and flash-loan attacks.
  • 2024-01-01 — DeFi losses drop to $534 million: Total losses in the DeFi sector fell significantly, reflecting improved security measures.
  • 2025-01-01 — Unique incidents rise to 83: The number of unique hacking incidents in DeFi increased, indicating a shift in attack patterns.
  • 2025-11-01 — Balancer V2 exploit drains $128 million: An arithmetic precision flaw allowed attackers to drain funds across six blockchains simultaneously.

Related entities

  • Balancer (Company)
  • Binance Bridge (Company)
  • Bybit (Company)
  • Harmony (Company)
  • Nomad (Company)
  • Poly Network (Company)
  • Qubit (Company)
  • Ronin Bridge (Company)
  • Ronin Network (Company)
  • Wormhole (Company)
  • Arbitrum (Company)
  • Base (Company)
  • Ethereum (Company)
  • Polygon (Company)
  • Sonic (Company)
  • North Korea (Country)
  • BNB Chain (Platform)
  • OP Mainnet (Platform)
  • Solana (Platform)
  • Tornado Cash (Tool)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed