Realized losses from DeFi lending hacks on EVM and Solana sit at 3 bps of TVL – a rate comparable to US fatal slip-and-fall accidents. What the data means for lenders.
Alpha Score of 41 reflects weak overall profile with weak momentum, weak value, moderate quality, weak sentiment.
Lenders parking funds in DeFi borrowing markets on Ethereum Virtual Machine (EVM) chains and Solana lost roughly $3 for every $10,000 deposited over the past 12 months. That puts realized hack losses at 3 basis points of Total Value Locked (TVL).
The loss rate sits close to the annual rate at which Americans die from slip-and-fall accidents. Keyring Network founder Alex McFarlane derived the figure from DefiLlama records on May 17, isolating lending markets and stripping out bridge incidents.
The research measures trailing 12-month non-bridge lending exploits at $30.9 million gross against $99.6 billion in average TVL. The reading came in at 3.1 basis points gross and 3 basis points net after recoveries, pulled through May 16.
For an individual lender, the math implies that spreading $10,000 across the largest EVM and Solana lending markets carried an annualized hack-loss expectation of about $3 over the past year.
The figure excludes bridge risk, oracle failures, and bugs specific to any single protocol. It assumes the deposit did not land inside a market that suffered a tail event.
DefiLlama records gross hack losses of $7.75 billion across the broader DeFi category over its full history. Excluding bridge incidents drops that figure to $4.52 billion, showing how one category distorts the picture for the rest of DeFi.
Crypto hackers pulled $606 million in April , the worst month since Bybit’s 2025 breach, with Kelp DAO and Drift hacks driving 95% of that month’s total losses.
Hack sizes skew heavily. A handful of mega-events drive most of the cumulative damage, while the bulk of incidents stay small. On a logarithmic scale, the data approximates a lognormal distribution.
Most exploits hit one component inside a market rather than draining an entire protocol. Larger markets absorb a smaller percentage hit when an incident does occur.
That pattern strengthens the case for spreading capital across DeFi lending protocols rather than concentrating it in one venue.
Recoveries also reduce the headline figure. Across all DefiLlama-tracked DeFi protocol losses, capped recoveries amount to about 8% of gross damage. For EVM and Solana lending excluding bridges, the rate climbs to roughly 20% . Euler Finance produced the standout case: the attacker returned all stolen funds after the 2023 flash loan exploit.
Builders are pushing toward leaner code as a security strategy. Morpho contributor Merlin Egalite argued that minimalism is the dividing line between safe and unsafe lending markets.
The $3 per $10,000 reading is realized history, not a guarantee. The data argues against alarmism without dismissing tail risk.
Aave and Morpho continue to absorb the bulk of new lending capital. 2026 has already seen heavy single events, including the KelpDAO incident in April.
Losses now sit within a measurable range that lenders, insurers, and allocators can actually price.
McFarlane isolated lending markets from DefiLlama records on May 17. The trailing 12-month non-bridge lending exploits totaled $30.9 million gross against $99.6 billion in average TVL. After recoveries, the net loss stood at 3 basis points.
The calculation excludes bridge risk, oracle failures, and bugs specific to any single protocol. It assumes the deposit did not land inside a market that suffered a tail event. The number is a realized average, not a guarantee for any single position.
| Metric | Value |
|---|---|
| Trailing 12-month gross non-bridge lending losses | $30.9 million |
| Average TVL (same period) | $99.6 billion |
| Gross loss rate | 3.1 bps |
| Net loss rate (after recoveries) | 3.0 bps |
| All-time DeFi losses (incl. bridges) | $7.75 billion |
| All-time DeFi losses (excl. bridges) | $4.52 billion |
Bridge hacks account for roughly 42% of all DeFi losses tracked by DefiLlama. That concentration means a headline like “$7.75 billion in DeFi losses” overstates the risk for a lender who never touches a bridge.
Crypto hackers pulled $606 million in April – the worst month since Bybit’s 2025 breach. The Kelp DAO and Drift hacks drove 95% of that month’s total. Both involved yield-bearing strategies and cross-protocol interactions, not vanilla lending pools.
For a lender using protocols like Aave or Morpho, the relevant comparison is lending-only exploit data, not the all-in number.
Hack sizes skew heavily. A handful of mega-events drive most of the cumulative damage, while the bulk of incidents stay small. On a logarithmic scale, the data approximates a lognormal distribution.
Most exploits hit one component inside a market rather than draining an entire protocol. Larger markets absorb a smaller percentage hit when an incident does occur.
Recoveries reduce the headline figure. Across all DefiLlama-tracked DeFi protocol losses, capped recoveries amount to about 8% of gross damage. For EVM and Solana lending excluding bridges, the rate climbs to roughly 20% . Euler Finance produced the standout case: the attacker returned all stolen funds after the 2023 flash loan exploit.
Aave and Morpho continue to absorb the bulk of new lending capital. The $3 per $10,000 reading is a trailing average across all EVM and Solana lending markets. An individual lender’s outcome depends entirely on protocol selection and capital allocation.
Spreading capital across multiple lending protocols reduces the probability of tail-loss capture. The lognormal distribution means a concentrated position inside a single market that suffers a tail event could exceed the average by orders of magnitude.
Builders are moving toward leaner code as a security strategy. Morpho contributor Merlin Egalite argued that minimalism is the dividing line between safe and unsafe lending markets. Simpler codebases reduce the surface area for exploits.
A sustained increase in the frequency or size of lending exploits. A bridge-level event that hits a lending protocol through a dependency. A decline in recovery rates toward zero.
Continued low loss rates through the end of 2026. Adoption of minimal code architectures by major lending markets. Higher recovery percentages as attackers return funds.
Practical rule: Spread capital across at least three to five lending markets, favoring protocols with audited, minimal codebases. Monitor protocol-specific exploit history and recovery track records.
Key insight: The $3 per $10,000 reading is realized history, not a guarantee. It gives lenders, insurers, and allocators a baseline that can actually be priced – a rare edge in a market dominated by fear-driven narratives.
For broader context on crypto market dynamics, see our crypto market analysis and coverage of Bitcoin (BTC) and Ethereum (ETH) profiles.
Prepared with AlphaScala research tooling and grounded in primary market data: live prices, fundamentals, SEC filings, hedge-fund holdings, and insider activity. Each story is checked against AlphaScala publishing rules before release. Educational coverage, not personalized advice.