Written by: Alex McFarlane
Compiled by: Chopper, Foresight News
Every disruptive financial technology is bound to experience growing pains, and decentralized finance (DeFi) is no exception. In the early days, lending markets launched rapidly and expanded dramatically. The industry was hit by various security attacks in the open market one after another, then gradually explored ways to improve code security, collateral risk control, oracle mechanisms, liquidation logic, and governance systems.
Past risk cases have reference value, but they can no longer represent today's mature DeFi ecosystem. After all, those who only review history often fail to seize current opportunities.
Excluding security incidents related to cross-chain bridges, the estimated annual loss rate caused by theft and malicious attacks for DeFi lending operations on Ethereum Virtual Machine (EVM) and Solana chains is about 0.03% of the total value locked (TVL) in lending. This analysis data is all integrated from hacker attacks and vulnerability theft events annotated on the DeFi Llama platform.
The core standard for judging security risk is: how significant is the actual loss from exploited vulnerabilities relative to the amount of funds in the market?
The loss rate of three ten-thousandths is roughly equivalent to the probability of an American citizen dying from an accidental slip and fall. This shows that, setting aside the widespread market panic, the actual security risk of DeFi lending business is actually quite low.
Breakdown of DeFi Security Incidents
As of May 16, 2026, DeFi Llama statistics show that the total amount stolen across all categories of DeFi protocols reached $7.751 billion. This statistical scope is extremely broad. The overall data includes cross-chain bridges, decentralized exchanges, derivative protocols, blockchain game-related projects, digital wallets, underlying infrastructure failures, and non-lending DeFi businesses.
Among them, cross-chain bridges are the hardest hit area: after removing security incidents related to cross-chain bridges, the total theft loss in the DeFi field is reduced to $4.518 billion.
Code execution strictly follows written instructions, not the developer's ideal expectations, which is the root cause of frequent vulnerabilities. It is meaningful to categorize risks well: DeFi is not a single sector with unified risks. Cross-chain bridge theft, DEX oracle manipulation, wallet phishing scams, and collateral asset vulnerabilities in lending markets are all completely different types of risks.
Among all DeFi protocols, lending markets are attacked most frequently, for a very straightforward reason: large amounts of assets are locked in smart contracts for extended periods, making them primary targets for hackers.
Lending protocols and automated market makers (AMMs) are sectors with high incident rates. Their core commonality is the need to pool large amounts of assets into smart contracts. Apart from cross-chain bridges, the vast majority of security incidents are concentrated in these two types of protocols. This article will focus on the lending and capital borrowing sector for analysis.
Fund Loss Rate Has Greatly Improved
Today, the overall TVL of DeFi is far higher than in the early stages of frequent vulnerabilities, especially in the lending sector. Projects have more mature risk control systems, more comprehensive code audits, and increasingly sophisticated real-time network-wide risk monitoring. Excluding cross-chain bridge incidents, the actual annualized theft loss proportion for lending businesses in EVM and Solana ecosystems has significantly decreased.
Euler even set a classic risk handling case by successfully recovering all stolen assets. In 2023, Euler was hacked for $197 million, not only fully recovered but also ended up with $240 million due to asset price fluctuations, achieving a positive surplus. This also widened the gap between book losses and actual recovery amounts in the industry.
Taking May 16, 2026 as the cut-off point and summarizing data from the past year:
- Total book loss from thefts in non-cross-chain lending businesses on EVM and Solana: $30.9 million
- Actual net loss after deducting asset recoveries: $30.1 million
- Average daily locked capital size in the lending sector: $99.6 billion
- Book fund loss rate: 3.1 basis points
- Actual net loss rate: 3 basis points
Converted, the annual capital loss remains stable at about 0.03% of the total lending TVL.
Advantages of Asset Diversification
DeFi security incidents show a clear polarization characteristic: a very small number of extremely high-value theft incidents account for the vast majority of the industry's publicly disclosed total losses. Charting the scale of incidents on a logarithmic scale reveals that the scale of various theft events roughly follows a log-normal distribution. Visually, the vast majority of security incidents result in relatively small losses, with high-value thefts concentrated in only a few extreme cases.
Although ChatGPT expressed a different opinion, I believe this data strongly proves that portfolio diversification is an excellent method to prevent crime.
From the perspective of risk transfer and commercial insurance, this data model also provides reasonable support for industry security insurance businesses. Insurance institutions can set single-claim limits for different protocols and conduct underwriting business in an orderly manner.
Furthermore, the vast majority of theft incidents have limited impact, far from enough to shake the entire capital pool of the lending sector. Moreover, the larger the overall size of the sector, the smaller the impact a single security event has on the whole.
Note: For some theft incidents where the loss amount appears to exceed the project's own TVL, such cases are uniformly counted as 100% loss. There are two main reasons for this data discrepancy: first, there is a time lag between the TVL statistics time and the security incident occurrence time, causing asset volumes to change; second, DeFi Llama's TVL statistical scope is inconsistent with the actual standards for assets at risk exposure.
Although this measurement method is not absolutely perfect, it clearly reflects the industry's current state: the vast majority of vulnerability attacks only affect a single business module within a lending protocol; it is extremely rare for the entire asset pool to be compromised, especially for large-scale leading projects. This research data also provides key basis for DeFi industry risk hedging and asset security custody businesses.
Asset Recovery Capability is Crucial
Asset recovery has also greatly optimized the actual risk performance of the DeFi lending sector. Based on DeFi Llama's all-category DeFi theft data, the overall industry asset recovery amount accounts for about 8% of the total book loss. However, after excluding cross-chain bridge incidents, the asset recovery ratio for the EVM and Solana lending sector is even higher, reaching about 20% of the book loss.
Asset recovery success rates are generally higher for theft cases occurring in regions with well-established legal systems and mature regulatory governance. This phenomenon also hints at industry insights related to access permissions.
Positive Industry Outlook
Today, the security risks in the DeFi lending sector have become quantifiable and classifiable, with the actual fund loss ratio continuously declining. Data proves the industry has entered a mature development stage: actual vulnerability theft losses are extremely low relative to the sector's massive existing capital, various risks are clearly identifiable, and risk boundaries are increasingly transparent.
In conclusion, there's no need to be swayed by external bearish rhetoric; data and facts are sufficient to confirm the true risk level of the DeFi lending sector.
