New research shows EVM and Solana DeFi lending lost only $3 per $10k deposited over 12 months, with 20% recovery. Bridge exposure remains the key risk.
Alpha Score of 41 reflects weak overall profile with weak momentum, weak value, moderate quality, weak sentiment.
New research from Keyring Network founder Alex McFarlane puts a specific number on DeFi lending hack risk: lenders lost roughly $3 for every $10,000 deposited across EVM and Solana lending platforms over the past 12 months. The figure challenges the perception that DeFi lending is a minefield of exploits. The data, drawn from DefiLlama on May 17, shows total gross losses of $30.9 million against an average Total Value Locked (TVL) of $99.6 billion, producing a gross loss rate of 3.1 basis points. After accounting for recovered funds, the net realized loss rate dropped to roughly 3 basis points.
The headline loss rate is low. It applies only to non-bridge lending exploits on EVM and Solana chains. The analysis explicitly excluded three categories:
Those exclusions matter because bridge attacks have historically dominated DeFi losses. DefiLlama data shows total DeFi hacks of $7.75 billion historically. Excluding bridge exploits reduces that figure to $4.52 billion. The $3 per $10,000 metric is therefore a narrow measure of lending-specific risk, not a blanket safety rating for all DeFi.
McFarlane compared the probability of DeFi lending losses to the annual rate of fatal slip-and-fall accidents in the United States. The comparison is useful for framing. It does not capture tail risk from a single large bridge exploit that could cascade into lending markets.
The simple read: DeFi lending is safe because losses are tiny. The better market read: the risk is concentrated in specific categories. Lenders who stick to well-audited, non-bridge-dependent lending markets on EVM and Solana face a lower probability of loss. Lenders who chase yield on newer protocols with bridge exposure or unverified oracles take on a different risk profile.
Bridge-related attacks have disproportionately impacted the broader DeFi industry. The $3.23 billion difference between total hacks and non-bridge hacks represents roughly 42% of all historical losses. Lending protocols that integrate with bridges or rely on bridged assets carry that exposure even if the lending contract itself is clean.
The research covers a 12-month window ending May 17. That period saw no catastrophic bridge failure on the scale of the Ronin or Wormhole exploits. A single large bridge hack in the next 12 months would raise the loss rate significantly, especially if it affected a lending market that used the bridge as collateral.
A bridge exploit drains liquidity from the bridge itself. If a lending protocol accepts bridged tokens as collateral, the value of that collateral collapses when the bridge is compromised. Lenders face sudden shortfalls even if the lending contract has no bugs. This is the second-order risk that the $3 per $10,000 metric does not capture.
Hack recoveries helped reduce losses. In EVM and Solana lending markets, around 20% of stolen funds were recovered. The most notable example remains the Euler Finance exploit in 2023, where the attacker eventually returned all stolen assets. That outcome is not guaranteed. Recovery depends on negotiation, law enforcement, and the attacker's willingness to cooperate.
A 20% recovery rate means that for every $10,000 deposited, the expected net loss is $2.40 after recoveries. That is the number McFarlane's research highlights. The gross loss rate of 3.1 basis points is the starting point. Recoveries shave off roughly 0.1 basis points.
The current loss rate is low fragile. Three factors could raise it:
DeFi developers are emphasizing simpler and more secure protocol designs. Industry contributors argue that leaner smart contract architecture may reduce future vulnerabilities. That is a positive trend. It takes time to roll out across the ecosystem.
The 12-month window ending May 17 is a snapshot. The next 12 months could look different. TVL is growing. New protocols are launching. The attack surface expands. The loss rate could rise if a major bridge is exploited or if a new lending protocol has a critical bug.
For individual lenders, the research provides a concrete benchmark. A net loss rate of 3 basis points is lower than the fee spread on most lending platforms. The risk of losing principal to a hack is small relative to the yield earned.
The better market read is that the risk is concentrated in specific categories. Lenders who stick to well-audited, non-bridge-dependent lending markets on EVM and Solana face a lower probability of loss. Lenders who chase yield on newer protocols with bridge exposure or unverified oracles take on a different risk profile.
The data also highlights the importance of recovery mechanisms. Protocols with clear recovery plans or insurance funds reduce the net loss expectation. The Euler Finance case shows that full recovery is possible. It is not the norm.
For a broader view of crypto market risk, see our crypto market analysis. For network-specific risk profiles, check the Bitcoin (BTC) profile and Ethereum (ETH) profile.
The low loss rate is encouraging. It is not a license to ignore security. The next 12 months will test whether the trend holds as TVL grows and new protocols launch.
Prepared with AlphaScala research tooling and grounded in primary market data: live prices, fundamentals, SEC filings, hedge-fund holdings, and insider activity. Each story is checked against AlphaScala publishing rules before release. Educational coverage, not personalized advice.