Solutions

Company

Resources

Blog

Contact

Login

    • Advisory

      AI Advisory

      Strategic guidance for secure AI adoption

      Blockchain Architecture Assessment

      Reviewing blockchain designs for security and resilience

      Compliance Readiness

      Aligning controls to evolving regulatory mandates

      Custody and Key Management Assessment

      Securing digital asset custody and key systems

      Risk Assessment

      Clarity on your cybersecurity risk posture

      Technical Due Diligence

      Validating security before third-party commitments

      Technical Training

      Building blockchain and security skills enterprise-wide

    • Assurance

      AI Red Teaming

      Adversarial testing against real-world AI threats

      AI Security Assessment

      Identifying vulnerabilities in AI models and pipelines

      Blockchain Layer 1 Assessment

      Protocol-level security review of L1 networks

      Code Security Audit

      Uncovering vulnerabilities in your source code

      Web Application Penetration Testing

      Exposing exploitable flaws in web applications

      Cloud Infrastructure Penetration Testing

      Finding weaknesses across cloud environments

      Red Team Exercise

      Full-scope adversarial simulation of your defenses

      Smart Contract Assessment

      Code security testing for blockchain-powered applications and systems.

    • Who We Are

      The best security engineers in the world

      Careers

      Work with the elite

      Who Trusts Us

      The trusted security advisor for blockchain and financial services industries

      Brand

      Access official logos, fonts, and guidelines

      Service Commitments

      Committed to Protecting Your Data

    • Audits

      In-depth evaluations of smart contracts and blockchain infrastructures

      BVSS

      Blockchain Vulnerability Scoring System

      Disclosures

      All the latest vulnerabilities discovered by Halborn

      Case Studies

      How Halborn’s solutions have empowered clients to overcome security issues

      Reports

      Comprehensive reports and data

  • Blog

  • Contact

Login

STAY CURRENT WITH HALBORN

Subscribe to the monthly Halborn Digest for our top blogs and videos, major company announcements, new whitepapers, webinar and event invites, and one exclusive interview.

ADVISORY SERVICES

AI AdvisoryRisk AssessmentBlockchain Architecture AssessmentCompliance ReadinessCustody and Key Management AssessmentTechnical Due DiligenceTechnical Training

ASSURANCE SERVICES

AI Security AssessmentAI Red TeamingSmart Contract AssessmentBlockchain Layer 1 AssessmentCode Security AuditWeb Application Penetration TestingCloud Infrastructure Penetration TestingRed Team Exercise

COMPANY

Who We AreWho Trusts UsService CommitmentsCareersBrandBlogContact

RESOURCES

AuditsDisclosuresReportsBVSSCase Studies
Halborn Logo
Privacy PolicyTerms of UseVulnerability Disclosure Policy

© Halborn 2026. All rights reserved.

AI Advisory

Strategic guidance for secure AI adoption

Blockchain Architecture Assessment

Reviewing blockchain designs for security and resilience

Compliance Readiness

Aligning controls to evolving regulatory mandates

Custody and Key Management Assessment

Securing digital asset custody and key systems

Risk Assessment

Clarity on your cybersecurity risk posture

Technical Due Diligence

Validating security before third-party commitments

Technical Training

Building blockchain and security skills enterprise-wide

AI Red Teaming

Adversarial testing against real-world AI threats

AI Security Assessment

Identifying vulnerabilities in AI models and pipelines

Blockchain Layer 1 Assessment

Protocol-level security review of L1 networks

Code Security Audit

Uncovering vulnerabilities in your source code

Web Application Penetration Testing

Exposing exploitable flaws in web applications

Cloud Infrastructure Penetration Testing

Finding weaknesses across cloud environments

Red Team Exercise

Full-scope adversarial simulation of your defenses

Smart Contract Assessment

Code security testing for blockchain-powered applications and systems.

Who We Are

The best security engineers in the world

Careers

Work with the elite

Who Trusts Us

The trusted security advisor for blockchain and financial services industries

Brand

Access official logos, fonts, and guidelines

Service Commitments

Committed to Protecting Your Data

Audits

In-depth evaluations of smart contracts and blockchain infrastructures

BVSS

Blockchain Vulnerability Scoring System

Disclosures

All the latest vulnerabilities discovered by Halborn

Case Studies

How Halborn’s solutions have empowered clients to overcome security issues

Reports

Comprehensive reports and data

THIS WEBSITE USES COOKIES

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you've provided to them or that they've collected from your use of their services. You consent to our cookies if you continue to use our website. Learn More.

TOP 50 DEFI HACKS

2016-2022

Discover the surprising trends and data we uncovered.
Download the full report now.

Halborn logotext
Top Hacks Hero
Top Hacks Hero
Breaking Down the Top 50 DeFi Hacks

2016-2022

Comprehensive

Report

Halborn H

/ Scroll down to find out the surprising trends and data we uncovered /

//STATS & FINDINGS

5 KEY FINDINGS

Total Loss Graph

2016-2022

  • TOTAL LOSSES
    FROM TOP 50

    Halborn Slash

    $5.5

    BILLION

    Halborn Slash

  • 2022 lost $1 Billion more than 2021

    Halborn Slash

    + $1

    BILLION

    Halborn Slash

  • Most attacked chains

    Halborn Slash

    ETH &
    SOL

    Halborn Slash

  • exploited smart contract vulnerabilities

    Halborn Slash

    47%

    of EXPLOITS

    Halborn Slash

  • targeted unaudited smart contracts

    Halborn Slash

    34%

    of ATTACKS

    Halborn Slash

//High-Loss Hacks

A Growing Trend

The cost of DeFi hacks is on the rise, as high-loss attacks become more common in the crypto space

NUMBER OF ATTACKS PER YEAR¹

Attacks Per Year Graph

AMOUNT OF MONEY LOST PER YEAR¹

Money Lost Per Year Graph

Download the full report to learn more about the top 50 DeFi hacks and how to protect yourself from future attacks.

//Ethereum and Solana

The Most Targeted Chains

Distribution of Attacks per Chain¹

Distribution of attacks per chain Graph

Order by TVL and number of attacks¹

TVL and Number of Attacks Graph

//Auditing in DeFI

A Critical Component of Security and Risk Mitigation

With 34% of attacks targeting unaudited contracts and 38% falling outside the scope of an audit, our report underscores the importance of rigorous auditing practices in the DeFi space.

Smart Contract Vulnerability Types¹

Smart Contract Vulnerability Types

"Securing the blockchain ecosystem is critical to protecting billions of dollars in assets. As our report shows, many of the top hacks in this space could have been prevented with better security practices and auditing protocols. It's time for the blockchain industry to prioritize security and take proactive steps to identify and mitigate vulnerabilities before they can be exploited by bad actors."

Steven Walbroehl Avatar

Steven
Walbroehl

Co-Founder & CTO of Halborn

Don't be the next victim of a DeFi hack. Download our full report to learn about the latest security threats and best practices.

//The Achilles Heel of DeFi

Smart Contract Vulnerabilities

These findings EMPHASIZE the need for improving smart contract security, implementing robust key management practices, and mitigating risks in the DeFi ecosystem

Types of Attacks per Year¹

  • Smart contract vulnerabilities account for 47% of the top 50 attacks.
  • The second most common attack is private key leakage or theft, which represents 22% of all hacks.
  • Lastly, price manipulation accounts for 19% of attacks.
Types of Attacks per Year Graph

A Breakdown of Smart Contract Vulnerability Types¹

  • The most common smart contract vulnerability type is a logic bug, accounting for 26% of all smart contract hacks.
  • Failed input validation is the second most common vulnerability type, making up 23% of attacks.
A Breakdown of Smart Contract Vulnerability Types Graph

//Stay Ahead of Hackers

5 Best Practices for preventing defi breaches

  • Get your smart contracts audited: Smart Contract vulnerabilities are the leading cause of DeFi hacks. It's crucial to have your smart contracts audited by reputable auditing firms.

  • Use multi-sig wallets: Multi-signature wallets require multiple parties to sign off on a transaction, which adds an extra layer of security. This can help prevent private key theft and unauthorized access to your assets.

  • Avoid hot wallets: Hot wallets are connected to the internet and are more susceptible to hacking attempts. Consider using cold storage wallets, which are not connected to the internet, for long-term storage of your assets.

  • Be cautious with publicly callable functions: Publicly callable functions in smart contracts can be accessed by anyone on the blockchain, including hackers. It's important to limit access to these functions and ensure they are properly validated to prevent attacks.

  • Stay informed and up to date: DeFi is an ever-evolving space, and new vulnerabilities may arise. Stay informed by following reputable sources and consider implementing additional security measures as needed.

Want to stay ahead?

Sign up to receive future reports from our research team

Need Help? We've got your back!

Don't let your platform fall victim to smart contract vulnerabilities or other security threats. Contact Halborn now for professional security advisory and auditing services.

¹ It should be noted that 2018 and 2019 do not appear throughout the datasets. This is because none of the attacks during those years were big enough to make it to the top 50 list.

Data SeaData Sea