CryptoSlate
Industry-wide DeFi losses peaked at $2.62 billion in 2022 and dropped roughly 80% to $534 million by 2024, with the median loss per incident falling from $6 million to $1.5 million over the same period. Bridge exploits, once responsible for 73% of annual losses, now account for just 3% of the total. Flash-loan attacks have collapsed from 54% of losses in 2020 to under 1% in 2025. The old attack surface has been largely engineered out of existence.
Why it matters
The security gains come with a structural trade-off. By 2025, 89.1% of DeFi losses stemmed from protocol logic exploits — bespoke code-level flaws that resist the reusable defenses that killed off flash loans and bridge hacks. More critically, major protocols now deploy identical code across Ethereum, Base, Arbitrum, Polygon, OP Mainnet, and Sonic simultaneously. A single arithmetic flaw embedded in that shared codebase no longer threatens one chain — it threatens every chain running the same contract at the same time. The Balancer V2 Composable Stable Pools exploit in late 2024 illustrated this precisely: an arithmetic precision flaw in the pools' invariant math drained roughly $128 million across six blockchains in under 30 minutes, despite eleven prior audits having missed it.
Market impact
On a loss-to-TVL basis, Ethereum and Solana each sit at approximately 0.42% and BNB Chain at 0.33%, suggesting that scale and security have been improving in tandem. However, the multi-chain deployment model means that Polygon, OP Mainnet, Base, and Sonic now absorb the full risk surface of every protocol they host.
WuBlockchain
TheBlock
CoinDesk
CoinTelegraph