‘Hack sizes are declining’ – Why DeFi security fears may be overblown

Binance
fiverr


Some prominent investors in the DeFi sector have downplayed security fears, especially as major AI firms release models with cybersecurity offensive capabilities. 

According to Haseeb Qureshi, managing partner at VC firm Dragonfly, the reported value of DeFi hacks in 2026 was ‘declining in size’ to warrant the overblown security fears. He added, 

Median hack size by year is also declining, showing that we’re moving more toward smaller hacks of smaller protocols.

DeFi security DeFi security
Source: X

His insight was based on the exclusion of Bybit ($1.4 billion) and KelpDAO ($292 million) stolen funds. While the data supports his statement, it was based solely on stolen fund values. 

In 2025, $2.55 billion was lost to exploits ($1.17 billion per year) compared to 2026’s $1.89 billion or $775 million per year. Overall, the median hack size per year has dropped from over $8 million in 2021 to below $1 million in 2026.

Tokenmetrics

Haseeb highlighting that, 

The average dollar in DeFi is as safe as it was a year ago. If you keep your money in large protocols that can afford to harden themselves, you’ll likely be fine.

Will DeFi security concerns derail adoption?

However, the number of hack incidents skyrocketed to record highs in H1 2026. One of his most striking insights was the decline in ‘operational security failures’ or exploits related to admin keys or signing infrastructure. 

For perspective, 75% of the nearly $1 billion stolen in 2026 was linked to operational failures. But Haseeb noted that this trend was dropping too. 

Some have claimed this is because hacks are moving into admin key hacks; admin key/multisig hacks are already included in this dataset. Those are going down in dollar terms as well.

For the unfamiliar, the bank run on leading DeFi lending platform Aave after the KelpDAO hack underscored how the major players were also fragile. 

Amid elevated security risk and 2.7%-3.8% average yield, DeFi became relatively riskier and less lucrative than U.S. Treasury bills. In fact, vaults or automated yield strategies that leverage smart contracts on top of protocols like Aave were the hardest hit. 

Notably, the overall value locked in DeFi vaults dropped from $113 billion to $61 billion before slightly recovering to $65 billion as of writing. 

DeFi DeFi
Source: Diadata

Interestingly, S&P Global Ratings views DeFi vaults as equivalent to managed funds. The rating firm projects that vaults could become a ‘core infrastructure’ for tokenized real-world assets and institutional capital. 

In other words, as tokenization momentum grows, traditional managed funds will evolve into DeFi vaults. But whether the ongoing DeFi security fears will derail this major adoption unlock remains to be seen. 


Final Summary

  • Dragonfly’s Haseeb said DeFi exploits due to ‘operational security failures’ and the average value of hacks were declining. 
  • Capital outflows from DeFi vaults have hit over $50B amid broader market downturn and security concerns



Source link

Coinmama

Be the first to comment

Leave a Reply

Your email address will not be published.


*