Halborn Logo



Discover the surprising trends and data we uncovered.
Download the full report now.

Halborn logotext
Top Hacks Hero
Breaking Down the Top 50 DeFi Hacks




Halborn H

/ Scroll down to find out the surprising trends and data we uncovered /



Total Loss Graph


    FROM TOP 50

    Halborn Slash



    Halborn Slash
  • 2022 lost $1 Billion more than 2021

    Halborn Slash

    + $1


    Halborn Slash
  • Most attacked chains

    Halborn Slash

    ETH &

    Halborn Slash
  • exploited smart contract vulnerabilities

    Halborn Slash



    Halborn Slash
  • targeted unaudited smart contracts

    Halborn Slash


    of ATTACKS

    Halborn Slash

//High-Loss Hacks

A Growing Trend

The cost of DeFi hacks is on the rise, as high-loss attacks become more common in the crypto space


Attacks Per Year Graph


Money Lost Per Year Graph

Download the full report to learn more about the top 50 DeFi hacks and how to protect yourself from future attacks.

//Ethereum and Solana

The Most Targeted Chains

Type of Attacks Per Year¹

Type of Attacks Per Year Graph

Order by TVL and number of attacks¹

TVL and Number of Attacks Graph

//Auditing in DeFI

A Critical Component of Security and Risk Mitigation

With 34% of attacks targeting unaudited contracts and 38% falling outside the scope of an audit, our report underscores the importance of rigorous auditing practices in the DeFi space.

Types of contract exploitation¹

Types of contract exploitation

"Securing Web3 is critical to protecting billions of dollars in assets. As our report shows, many of the top hacks in this space could have been prevented with better security practices and auditing protocols. It's time for the Web3 industry to prioritize security and take proactive steps to identify and mitigate vulnerabilities before they can be exploited by bad actors."

Steven Walbroehl Avatar


Co-Founder & CTO of Halborn

Don't be the next victim of a DeFi hack. Download our full report to learn about the latest security threats and best practices.

//The Achilles Heel of DeFi

Smart Contract Vulnerabilities

These findings EMPHASIZE the need for improving smart contract security, implementing robust key management practices, and mitigating risks in the DeFi ecosystem

Contract Exploitation¹

  • Smart contract vulnerabilities account for 47% of the top 50 attacks.
  • The second most common attack is private key leakage or theft, which represents 22% of all hacks.
  • Lastly, price manipulation accounts for 19% of attacks.
Contract Exploitation Graph

A Breakdown of Smart Contract Vulnerability Types¹

  • The most common smart contract vulnerability type is a logic bug, accounting for 26% of all smart contract hacks.
  • Failed input validation is the second most common vulnerability type, making up 23% of attacks.
A Breakdown of Smart Contract Vulnerability Types Graph

//Stay Ahead of Hackers

5 Best Practices for preventing defi breaches

  • Get your smart contracts audited: Smart Contract vulnerabilities are the leading cause of DeFi hacks. It's crucial to have your smart contracts audited by reputable auditing firms.

  • Use multi-sig wallets: Multi-signature wallets require multiple parties to sign off on a transaction, which adds an extra layer of security. This can help prevent private key theft and unauthorized access to your assets.

  • Avoid hot wallets: Hot wallets are connected to the internet and are more susceptible to hacking attempts. Consider using cold storage wallets, which are not connected to the internet, for long-term storage of your assets.

  • Be cautious with publicly callable functions: Publicly callable functions in smart contracts can be accessed by anyone on the blockchain, including hackers. It's important to limit access to these functions and ensure they are properly validated to prevent attacks.

  • Stay informed and up to date: DeFi is an ever-evolving space, and new vulnerabilities may arise. Stay informed by following reputable sources and consider implementing additional security measures as needed.

Want to stay ahead?

Sign up to receive future reports from our research team

Need Help? We've got your back!

Don't let your platform fall victim to smart contract vulnerabilities or other security threats. Contact Halborn now for professional security advisory and auditing services.

¹ It should be noted that 2018 and 2019 do not appear throughout the datasets. This is because none of the attacks during those years were big enough to make it to the top 50 list.

Data Sea