
DeFi direct hack losses fell to $680M in 2025 from $2.62B in 2022, data show. AI audits helped, but bridge attacks and phishing remain key exposures for 2026.
Losses from direct smart-contract exploits in decentralized finance dropped 74% from their 2022 peak, landing at roughly $680 million in 2025, according to data from Immunefi and SlowMist. The peak year for DeFi hacks was 2022, at $2.62 billion. The decline is the first sustained multiyear reduction since the sector took off.
The simple read points to better security tools. Automated scanning, including AI-based contract auditors, caught more vulnerabilities before deployment. Immunefi's data show the number of critical-severity bugs reported through its platform rose 40% over the same period. More bugs found earlier means fewer funds lost later.
The better read is messier. The $680 million figure covers only direct smart-contract exploits. It excludes bridge hacks, oracle manipulation, and social-engineering attacks on protocol operators. Those categories shrank less, or even grew in some quarters. SlowMist's incident database shows a 12% rise in off-chain phishing against DeFi teams between 2023 and 2025. Attacker attention shifted to softer targets.
Protocols that face live exploits today share a trait: they skipped formal audits or used only one firm. Projects audited by two or more independent shops had a 60% lower rate of critical post-deploy findings, Immunefi said in its 2025 year-end report. The cheap-audit tradeoff is an exposure that AI scanning alone does not fix.
The data also flatten some noise. 2022's $2.62 billion included two mega hacks: the Ronin bridge ($625 million) and Wormhole ($325 million). Excluding those outliers, the 2023–2025 trend shows a gentler decline, about 40% rather than 74%. Still, the direction holds.
The next test is whether the first half of 2026 continues the slide or levels off. A major cross-chain bridge exploit or a repeat of a Curve-style oracle attack would reset the timeline. If the rate holds, DeFi's direct vulnerability surface may be shrinking faster than the industry's growth in total value locked.
Prepared with AlphaScala research tooling and grounded in primary market data: live prices, fundamentals, SEC filings, hedge-fund holdings, and insider activity. Each story is checked against AlphaScala publishing rules before release. Educational coverage, not personalized advice.