DeFi’s old hack vectors are fading – But the new risk can hit six chains at once
DeFi losses have fallen sharply from a 2022 peak of $2.62 billion to about $534 million in 2024, while median loss per incident also dropped. Reusable defenses have largely reduced bridges, flash-loan attacks, and key compromises, but attacks are shifting toward protocol logic bugs. In 2025, 89.1% of losses came from code-specific flaws. Multi-chain deployment is now the main systemic risk: the same vulnerable protocol code can be copied across Ethereum, Base, Arbitrum, Polygon, OP Mainnet, Sonic, and others, so one bug can drain funds on multiple networks at once. Balancer’s 2025 exploit showed this clearly, with about $128 million stolen across six chains due to an arithmetic precision flaw missed by audits. Overall security is improving, but shared code across chains creates larger blast radius from single logic errors.
