DeFi looked like easy money.
People chased big profits.
Hackers chased them.
$2B lost in the top 10 DeFi hacks.
Here’s what really happened 👇
As we get started, may I ask for a quick favor?
I've put a lot of time in research to create this and would appreciate any interaction with the thread.
Bookmark, like, or reply to the first tweet.
DeFi keeps getting hit - mostly from bad code, leaked keys, or oracle failures.
A report from Elliptic says more than $10B vanished from DeFi in the past year alone.
Quick tip: trust audits, double-check projects, and be careful with bridges and smart contracts.
Here are 10 of the biggest DeFi hacks ever👇
1/10 – Ronin Bridge (2022)
Loss: $625M (173.6K $ETH + 25.5M $USDC)
What happened: Hackers got hold of the validator keys from the Axie Infinity bridge.
Recovered: Only around $30M made it back - most of it’s still gone.
2/10 – Poly Network (2021)
Loss: $611M
What happened: A flaw in the cross-chain code let the attacker transfer tokens that weren’t theirs.
Recovered: Nearly all funds were returned - the hacker said it was a white-hat move.
3/10 – BNB Chain / Token Hub (2022)
Loss: 2M $BNB minted (~$569M), around $100M actually taken
What happened: The attacker used fake proofs to fool the bridge into minting new tokens.
Recovered: About $7M was frozen, but roughly $100M still vanished.
4/10 – Wormhole Bridge (2022)
Loss: $320M (120K $WETH)
What happened: A missing security check let the hacker mint $WETH out of thin air.
Recovered: Not by the hacker - but Jump Crypto covered the full loss.
5/10 – Nomad Bridge (2022)
Loss: $190M
What happened: A faulty code update made every transaction look legit, so dozens joined in and drained funds.
Recovered: Around $36M was later returned by white-hat hackers.
6/10 – Beanstalk Farms (2022)
Loss: $182M
What happened: The attacker used a flash loan to gain majority voting power, then passed a proposal to pay themselves.
Recovered: None - the funds are still gone.
7/10 – Multichain Router (2023)
Loss: $126M
What happened: Someone got hold of the admin keys, and funds started disappearing across several chains.
Recovered: No — the project later shut down, and the money’s gone.
8/10 – Badger DAO (2021)
Loss: $120M
What happened: A malicious script was slipped into the site, tricking users into approving wallet access.
Recovered: Only a small part was frozen on exchanges — most of it’s gone.
9/10 – Horizon Bridge (2022)
Loss: $100M
What happened: Hackers got access to private keys and laundered the funds through Tornado Cash.
Recovered: Just a small portion was recovered by law enforcement.
10/10 – PancakeBunny (2021)
Loss: $45M
What happened: The attacker used a flash loan to manipulate prices, mint a huge amount of BUNNY tokens, and dump them.
Recovered: None - the funds are completely gone.
33.59K
118
The content on this page is provided by third parties. Unless otherwise stated, OKX is not the author of the cited article(s) and does not claim any copyright in the materials. The content is provided for informational purposes only and does not represent the views of OKX. It is not intended to be an endorsement of any kind and should not be considered investment advice or a solicitation to buy or sell digital assets. To the extent generative AI is utilized to provide summaries or other information, such AI generated content may be inaccurate or inconsistent. Please read the linked article for more details and information. OKX is not responsible for content hosted on third party sites. Digital asset holdings, including stablecoins and NFTs, involve a high degree of risk and can fluctuate greatly. You should carefully consider whether trading or holding digital assets is suitable for you in light of your financial condition.