Largest DeFi Exploits in Web3: How to Prevent Similar Security Breaches

Decentralized finance (DeFi) protocols offer decentralized financial services to users, allowing them to make transactions and enter into agreements with other participants. While DeFi protocols aim to provide a secure and reliable platform for their users, several exploits within the past few years have caused significant losses of funds. This article will discuss some of the most extensive DeFi exploits that have occurred recently.

Here are the top 8 crypto DeFi exploits in Web3 after deducting returned funds:

Ronin Chain – $600m

March 2023 was an eventful month for the cryptocurrency space, with the Axie Infinity Ronin bridge hack topping the list at $612 million.

Ronin bridge is an Ethereum side chain used in the popular play-to-earn game Axie Infinity.

The cybercrime group Lazarus, suspected to have North Korean connections, managed to gain access to nine transaction validators’ private keys, allowing them to approve two large transactions and move the funds from their wallet address. Fortunately, a collaboration between authorities, security firms, and cryptocurrency exchanges was able to help track down some of these funds after the hackers spirited them to Tornado cash – an open-source crypto tumbler – and other exchanges.

Wormhole bridge – $323m

In February 2022, an unfortunate incident occurred as crypto hackers exploited a wormhole’s code to take off with crypto worth $326 million.

A wormhole is a token bridge between Solana and Ethereum, which unfortunately failed to prevent the attack. It was made possible by a deprecated/dead insecure function that bypassed signature verification and enabled the chain of delegations of signatures.

Experts in cyber security suggest that developers could have prevented the attack if they had practiced ‘secure coding practices’ where they must check all parameters. The check could have ensured the authentication of valid addresses and thus ruled out illegitimate sources from accessing assets on the chain.

Beanstalk – $181m

On a fateful weekend in April 2022, a hacker unleashed an attack that rocked the crypto community. Using a flash loan – a feature of decentralized finance (DeFi) protocols – they managed to steal $182 million in ETH, BEAN stablecoin, and other assets from the Beanstalk stablecoin protocol.

The hackers presented two malicious proposals to the Beanstalk DAO via its emergency commit function, which requires ⅔ vote before implementation after 24 hours. The attacker used flash loan technology to gain control of 79% of the tokens to pass both proposals and execute their plan successfully.

The funds were sent from within the protocol to pay off the flash loan, with the remainder going into an address associated with a Ukraine-based emergency fund. In total, up to $76 million has been taken by the individual responsible for this brave act.

Nomad – $155m

The perplexing Nomad bridge hack made headlines when it happened on August 1st, 2022. It shocked many blockchain enthusiasts as attackers took advantage of a vulnerability to drain over $190M worth of Ethereum-based assets stored in the multi-chain cross-bridge.

The hackers moved fast and furious, with hundreds of wallets engaged in 960 transactions resulting in 1,175 individual withdrawals from the bridge’s Total Value Locked (TVL). All within hours.

A perplexing aspect of this hack was that all users had to do to hack bridge funds was copy-paste the original hacker’s transaction call data, replace the original address with a personal one, and the transaction would complete.

The hack sent shockwaves throughout the decentralized finance (DeFi) community, proving that hackers remain one step ahead when exploiting loopholes in code. The Nomad bridge provides an illustrative example demonstrating the importance of secure coding practices and reinforces why security remains an ongoing challenge for blockchain projects today.

CREAM Finance – $130.8m

Though the attack on CREAM in October 2021 was one of the largest flash loan heists, it was certainly not an isolated incident. Flash loan attacks involve using a ‘flash loan’ of liquidity, borrowing, and defaulting on this quick funding, all within a single transaction.

By exploiting price calculation errors, hackers can quickly profit from their borrowings. For example, in the case of CREAM, two different addresses interacted with its yUSDVault to mint a large number of crYUSD tokens. They exploited a vulnerability that would double the value of these shares. Though they successfully secured $130 million worth of funds, the ~$1 billion in available collateral could take far more than this amount. 

Flash loan attacks are becoming increasingly prevalent, and the community should ask questions about how they can prevent further security breaches in the future.

BSC token hub – $127m

In October 2022, hackers exploiting a critical vulnerability in the BSC Beacon cross-bridge code made away with crypto assets totaling $570 million.

The BSc Beacon chain, also known as Token Hub, is an inter-chain bridge connecting the BNB Beacon Chain (BEP2) and the BNB Chain (BEP20/BSC).

The hacker did falsify cryptographic proofs called Merkle proofs meant to confirm the validity of data such as transactions. In turn, they used these false Merkle proofs to transfer funds from the BSC Beacon cross-bridge to other chains.

As soon as Tether blocklisted the attackers’ address, quick action followed with over $7 million moved from the BNB chain frozen, confiscating most of their ill-gotten funds.

Harmony Horizon – $100m

In June 2022, the Harmony Horizon Bridge project got compromised when hackers stole two of its five validator private keys, allowing fraudsters to transfer $100 million worth of tokens.

This security problem was due to the way the bridge had been set up, with a 2 of 5 validation scheme. As a result, the attacker only needed two approvals for any malicious transaction to be validated. To cover their tracks, the attackers used Tornado Cash to launder some of their ill-gotten gains. 

Though this setup may have seemed secure initially, it proved a lucrative target for bad actors and an expensive lesson in blockchain safety for those caught.

Rari- $91 m

Reentrancy attacks have been around since the early days of Ethereum. They have used contract vulnerabilities to repeatedly withdraw funds before the original transaction is approved or declined.

In May 2022, two decentralized finance platforms got compromised in this manner, with hackers stealing $90 million. Rari Capital’s Jack Longarzo said the attacker exploited the company, and Fei Protocol, which merged with Rari Capital, offered the hacker a $10 million bounty.

Blockchain security company BlockSec explained that the hackers used a reentrancy vulnerability. 

Developers can prevent these types of attacks by properly testing and auditing contracts before deployment on the Ethereum blockchain.

How to protect yourself from DeFi exploits

DeFi protocols have become increasingly popular and complex, making them attractive targets for hackers. The following are seven tips to help you protect yourself from DeFi exploits:

  1. Perform thorough due diligence on any project before investing. Check the platform’s code, website, team members, and social channels for red flags.
  2. Ensure a trusted source audits the contracts you interact with and that the audit results are publicly available.
  3. Don’t store large amounts of funds in one DeFi contract, making it more vulnerable to attack.
  4. Stay updated with the latest security news to learn about new exploits.
  5. Implement proper authentication and authorization procedures for all accounts that interact with DeFi protocols.
  6. Make sure your wallet is secure, and use two-factor authentication whenever possible.
  7. Regularly monitor your funds and transactions on the blockchain to detect any suspicious activity or unauthorized withdrawals.

Following these tips can help protect you from DeFi exploits and ensure your funds are safe when interacting with decentralized finance protocols. However, it’s also important to remember that no system is infallible, so it’s always best practice to take extra caution when dealing with digital assets.


Overall, security is one of the most important considerations when dealing with cryptocurrencies and DeFi protocols. Unfortunately, as the industry continues to grow, so do the risks of malicious activity. While it’s impossible to guarantee total safety, following these tips can help you protect yourself from DeFi exploits and keep your funds secure. 

By staying current on the latest developments in blockchain security and ensuring proper authentication procedures are in place for all accounts, you can help ensure that your digital assets remain safe.


What is tornado cash?

Tornado Cash is an Ethereum-based privacy protocol that allows users to mix crypto.

What is a Flash loan?

A Flash loan is a type of loan on the Ethereum blockchain that allows users to borrow funds without putting up collateral.

What is a DeFi exploit?

A DeFi exploit attacks decentralized finance protocols that use vulnerabilities to steal funds from decentralized platforms.

Is Uniswap a DeFi platform?

Uniswap is a decentralized finance platform allowing users to trade cryptocurrencies and digital assets.

Our content is derived from a thorough research, yet we acknowledge the potential for deserving businesses to be overlooked. If you’re a business owner or a reader who believes a valuable business is missing from our list, write to us at [email protected].

Share link:

Damilola Lawrence

Damilola is a crypto enthusiast, content writer, and journalist. When he is not writing, he spends most of his time reading and keeping tabs on exciting projects in the blockchain space. He also studies the ramifications of Web3 and blockchain development to have a stake in the future economy.

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Related News

Subscribe to CryptoPolitan