DeFi exploits total $680 million so far in 2021

Quick Take

  • There have been 70 DeFi attacks this year across four blockchain platforms.
  • Around $1.4 billion was initially stolen but $760 million has been returned.

The total amount of funds stolen in DeFi attacks has reached $680 million so far this year, according to The Block’s Data Dashboard.

Data collected by The Block Research shows that $1.4 billion was initially taken from DeFi protocols through exploits and bugs but $760 million has been returned. 

Over the year, the space witnessed 70 of the biggest DeFi exploits across four blockchain platforms. The majority of the exploits happened on Ethereum — 34 to be precise — with Binance Smart Chain a close runner-up with 25 attacks. We also saw three on Polygon and two on Avalanche.

Out of the attacks, 34 of them employed flash loans. These are loans that are taken out, used for some function and repaid all in the same transaction block. This means the lender knows their money will be returned (or it was never borrowed in the first place).

As a result, flash loans can be very large at a low cost, enabling hackers to borrow huge amounts of funds in order to maximize the damage of such attacks. (For a detailed analysis of the pros and cons of flash loans, see here.)

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

For example, DeFi protocol xToken suffered an exploit in May. The perpetrator used a flash loan to borrow 61,800 ETH ($270 million) to upset the system and take off with $24.5 million. The sheer size of the flash loan made the attack more profitable.

Three of the five biggest hacks were for Poly Network, which lost $611 million in total before it was then all returned. Other big losses included Compound, which suffered a bug in September that led to the unintended release of $114 million in COMP tokens — of which about half was returned.

Late last month, Cream Finance was exploited for $130 million using a large flash loan. 

For context, this data doesn't include rug pulls and other crypto swindles — it's only focused on exploits of DeFi protocols.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Tim is the Editor-In-Chief of The Block. Prior to joining The Block, Tim was a news editor at Decrypt. He has earned a bachelor's degree in philosophy from the University of York and studied news journalism at Press Association Training. Follow him on X @Timccopeland.