In brief

  • $156 million was stolen from DeFi-related hacks between January and April, according to CipherTrace.
  • That number has risen along with the total amount of money locked up in DeFi.

DeFi hacks accounted for $156 million of the $432 million in crypto stolen between January and April, according to a new report from the blockchain analytics startup CipherTrace.

It’s more than was stolen from DeFi protocols in all of 2020. CipherTrace says that the $156 million stolen in hacks doesn’t include an additional $83.4 million pilfered through “DeFi-related fraud.” The most recognizable scheme under this heading is known as a “rug pull,” and involves token holders suddenly cashing out and making off with investors’ money.

The label “DeFi,” or decentralized finance, can refer to any sort of non-custodial protocol using blockchain technology. The idea is that your money is only ever being handled by the code itself, rather than a banker or investment manager. But that code has to come from somewhere: hackers are always a risk, but developers can design DeFi systems with hidden mechanisms that allow them to drain money at will. From the outset, DeFi has been one of the riskier investments in an already risky financial ecosystem.

That the amount of money stolen from these protocols is up this year shouldn’t come as a surprise, given how much the DeFi universe has expanded over the past few months. According to DeFi Pulse, the total value “locked” in DeFi (i.e. entrusted to the code) is now $85 billion, up from $16 billion on January 1.

Yearn.Finance, a kind of crypto lending project, was hacked for $11 million in February, and $5.7 million was stolen from a platform called Roll in March.

Other hacked DeFi projects include EasyFi, Furucombo, and Dodo.