Analysis shows DeFi cyberattack losses per dollar of volume greatly exceed those in traditional financial systems.
According to a recent analysis by CryptoSlate editor-in-chief Liam Wright, decentralized finance (DeFi) platforms are losing funds to cyberattacks at a vastly higher rate than traditional financial systems.
The study estimates that, relative to transaction volume, DeFi losses occur roughly 85 times more frequently, highlighting persistent structural risks in the sector.
Drawing on breach data from various sources, the analysis found that traditional financial institutions lost about US$2.6bn against a transaction volume of approximately US$3.5 quadrillion, representing a loss rate near 0.00007%. By comparison, DeFi platforms recorded roughly US$2.8bn in losses on US$46tn in volume, or about 0.006%.
While total losses appear similar in absolute terms, the disparity in transaction scale reveals significantly higher relative risk in DeFi systems, accord to Wright. He attributes this gap to inherent design and operational factors, including vulnerabilities in smart contracts, the irreversible nature of blockchain transactions, and interconnected protocol dependencies that can amplify failures. He also points to a development culture that often prioritizes rapid deployment over rigorous security testing.
Recent incidents underscore these concerns. On 18 April, attackers exploited a flaw in KelpDAO’s LayerZero V2 bridge, generating 116,500 unbacked rsETH tokens and moving them onto Ethereum. The assets were quickly distributed across multiple wallets and used as collateral on Aave to borrow large amounts of wrapped Ether derivatives. The exploit caused an estimated US$293m in losses and left Aave with between US$177m and US$196m in bad debt, despite its core protocol remaining intact.
The breach triggered cross-chain effects, prompting the Arbitrum Security Council to freeze over 30,000 ETH linked to the attacker. By mid-April, total DeFi losses for 2026 had reached approximately US$795m, with April alone accounting for more than US$630m, according to Memento Research. A separate exploit on Drift Protocol earlier in the month resulted in an additional $285m loss.
Despite blockchain transparency allowing exploits to be observed in real time, Wright describes this as a “marketing paradox”. While traditional finance breaches can take months to detect and disclose, DeFi incidents unfold publicly, often damaging user confidence immediately.
Attack frequency is also rising. At least 47 incidents were recorded by mid-April, a 68% increase year-over-year. If trends continue, annual losses could approach US$2.5bn, reinforcing concerns about whether DeFi can reconcile its open, trustless model with sustainable security practices.
