Major hacks of crypto projects continue to put pressure on the decentralized finance (DeFi) segment. The latest notable incident was an attack on the Drift protocol.

This is not an isolated case for decentralized finance. Such incidents regularly lead to losses of hundreds of millions of dollars and affect the stability of the entire segment. At the same time, the vulnerabilities arise in a different part of the infrastructure each time.

Here are five notorious hacks that impacted the history of DeFi.

Drift Protocol

On April 1, 2026, one of the largest DeFi protocols for trading perpetual futures on Solana, Drift Protocol, lost about $285 million. The cause was not an error in the code, but a complex attack that combined social engineering with the use of legitimate network functions.

Preparation took at least six months. The attackers, presumably linked to North Korean hackers, posed as hedge fund representatives, attended conferences, built connections with Drift participants, and even deposited over $1 million into the protocol to appear as reliable partners.

At the same time, they created a fake token, CarbonVote Token (CVT), added minimal liquidity, and artificially pumped the price by inflating trading volume. As a result, the oracles began to perceive CVT as an asset worth about $1.

A key role was played by the Solana durable nonces feature, which allows signing transactions in advance and executing them after a long time. The attackers gained access to at least two keys from Security Council members (2-of-5 multisig), allowing them to sign transactions on behalf of the administrators.

On April 1, pre-prepared transactions were executed. The attackers gained administrative rights, added CVT as collateral with inflated limits, used it to obtain liquidity, and withdrew assets, including USDC, SOL, and cbBTC, totaling about $285 million. The entire operation took about 12 minutes.

This case became one of the most illustrative for DeFi, as the attack was aimed not at the code but at governance processes and the human factor.

Radiant

On October 16, 2024, the credit protocol Radiant Capital lost about $50 million as a result of one of the most complex attacks in DeFi. The vulnerability was not in the code but in the trust of people and their devices.

The attack began a month before the hack. One of the developers received a message via Telegram from a person who was mistaken for a former contractor. The archive sent with the message allegedly contained a PDF report on a recent hack of another project. After the file was opened, malware was quietly installed on the device and subsequently spread to other team members.

On October 16, during the standard transaction signing procedure via multisig, the attackers exploited their gained access. The developers saw normal operations in the interface but were actually signing transactions that transferred control over the protocol.

Having obtained the necessary signatures, the hackers took control of the contracts, updated them to malicious versions, and withdrew funds from pools across different networks, including Arbitrum and BNB Chain. Part of the funds was also directly withdrawn from user wallets due to previously granted token access permissions.

The attack was also linked to North Korean hackers.

Orbit Chain

On December 31, 2023, in the last hours of the outgoing year, the South Korean cross-chain bridge Orbit Bridge (Orbit Chain ecosystem) lost about $81.5 million due to key compromise.

The protocol used multisig to protect funds; however, the attacker gained control over a sufficient number of keys, presumably 7 out of 10. This allowed him to conduct legitimate transactions and directly withdraw funds from the Ethereum Vault.

Within minutes, assets were withdrawn through several transactions, including ETH, USDT, USDC, WBTC, and DAI. The total amount exceeded half of the funds in the treasury at that time.

Part of the funds was immediately converted and distributed to new addresses. Before the attack, one of the wallets was replenished through Tornado Cash, indicating a possible connection to the North Korean Lazarus group.

The Orbit Chain team halted the operation of the bridge and involved law enforcement and security specialists. The exact cause of the key compromise has not been disclosed. The theories under consideration include social engineering, key leakage, and an infrastructure hack.

This case showed that even multisig does not protect if attackers gain access to private keys. Ultimately, the vulnerability was not in the code but in the access control system.

KyberSwap (Kyber Network)

On November 23, 2023, the decentralized exchange KyberSwap (part of the Kyber Network ecosystem) lost about $50 million due to a complex vulnerability in smart contracts. Unlike many other cases, the attack was entirely technical and did not involve social engineering or key compromise.

The vulnerability was in the mechanics of KyberSwap Elastic concentrated liquidity, where liquidity is distributed across price ranges. A calculation error led to incorrect accounting of liquidity when the price changed.

The attack occurred simultaneously across multiple networks, including Ethereum, Arbitrum, and Polygon. The attacker used a flash-loan, which is an instant loan without collateral, to obtain a large sum. With it, he artificially 'pumped' the price within the pool and then, exploiting a calculation error, withdrew more funds from the protocol than he actually deposited.

The critical issue was that under certain conditions the system counted the same liquidity twice. As a result, the protocol provided more funds than it should have. The attack took mere minutes. The total damage was about $50 million, and the funds in the protocol were nearly zeroed out in one day.

The Kyber Network team confirmed that the vulnerability was not identified in audits. Later, the attacker attempted to negotiate the return of part of the funds in exchange for control over the protocol but was refused.

This case showed that even a small error in calculations can lead to massive losses, especially in complex DeFi mechanisms.

Euler Finance

On March 13, 2023, the decentralized lending protocol Euler Finance lost about $197 million. This is the largest DeFi hack of the year and a classic example of a flash-loan attack based on a single smart contract vulnerability.

The protocol allowed users to place tokens in pools, take loans against collateral, and earn interest. Although audits had been conducted, one of the functions lacked an important check, which became the cause of the attack.

The attacker used a flash-loan to obtain a large sum, deposited part of the funds into the protocol, and based on that borrowed significantly more. He then exploited a vulnerable function that reduced his collateral but did not recalculate the debt.

As a result, his position became 'unhealthy' and was subject to liquidation. The hacker initiated the liquidation for himself and received a bonus that, due to an error, was higher than the actual debt. This allowed him to withdraw more funds from the protocol than were deposited.

The scheme was repeated several times in different pools, including DAI, USDC, and ETH. The entire attack took about 20 minutes.
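
The missing check described above can be shown with a small model. This is an added example, not Euler's code and not part of the original article: `ToyPool`, `release_collateral`, the account name and the 90% collateral factor are all hypothetical. It shows why every function that lowers collateral must end with the same health check that borrowing does.

```python
from dataclasses import dataclass

COLLATERAL_FACTOR_BPS = 9_000  # constructed value: 90% of collateral counts

class Revert(Exception):
    """Models a reverted transaction: no state change is committed."""

@dataclass(frozen=True)
class Account:
    collateral: int = 0
    debt: int = 0
    def healthy(self) -> bool:
        return self.collateral * COLLATERAL_FACTOR_BPS >= self.debt * 10_000

class ToyPool:
    """Hypothetical lending pool; every name here is illustrative."""

    def __init__(self, check_on_release: bool):
        self.check_on_release = check_on_release
        self.accounts = {}

    def _apply(self, user, check, collateral=0, debt=0):
        old = self.accounts.get(user, Account())
        new = Account(old.collateral + collateral, old.debt + debt)
        if check and not new.healthy():
            raise Revert("account would be under-collateralised")
        self.accounts[user] = new  # commit only after every check passed

    def deposit(self, user, amount):
        self._apply(user, check=False, collateral=amount)

    def borrow(self, user, amount):
        self._apply(user, check=True, debt=amount)

    def release_collateral(self, user, amount):
        # Lowers collateral and leaves debt untouched, so it needs the check too.
        self._apply(user, check=self.check_on_release, collateral=-amount)

def run_scenario(check_on_release):
    """Return (release_reverted, account_healthy_afterwards)."""
    pool = ToyPool(check_on_release)
    pool.deposit("alice", 1_000)
    pool.borrow("alice", 800)  # 1000 * 0.9 = 900 >= 800, allowed
    reverted = False
    try:
        pool.release_collateral("alice", 500)  # 500 * 0.9 = 450 < 800
    except Revert:
        reverted = True
    return reverted, pool.accounts["alice"].healthy()
```

Without the check the account ends up unhealthy through its own action, which is the precondition for the self-liquidation the article describes; with the check the call reverts and the position is unchanged.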

After the hack, the Euler team offered the hacker a reward in exchange for returning the funds. After a few weeks, he indeed returned almost all the assets, which became a rare case for DeFi.
