DeFi has struggled with attacks and exploits in just the first few months of 2026, including losses of over $600 million in April. Estimates place the total amount stolen at around $750-800 million, largely due to two major incidents.
The biggest DeFi exploit of 2026 It was a courtesy Moss DaoWhere attackers stole almost $300 million by exploiting a vulnerability in the protocol’s LayerZero-powered cross-chain bridge.
Ranked second Drift Protocolattributed to North Korea Lazarus Group. Apparently, hackers used social engineering to obtain admin keys, then used fake collateral and price manipulation to empty the vaults.
There are others too.
Nic Puckrina former Goldman Sachs quantitative analyst and current macro analyst and co-founder Office Corner, He says these security bugs put the DeFi ecosystem at risk.
“After a series of hacks and $9 billion in exits, DeFi is facing another existential crisis. But this time, it is competing directly with large institutions entering the space and has little to offer in exchange for risk. Since rates available on stablecoins are just over 5%, there are other ways for investors to earn such returns without the risk of losing their entire funds,” explains Puckrin.
He argues that operators in the DeFi space are still acting as if it is a big technology experiment, but it is not. This is real money.
“The technology works and offers real benefits. What’s still broken is the security culture. Bridges have had a bad reputation for hacking for years but are still being used as a vector for exploitation. At this point, it’s less about innovation and more about a failure to prioritize basic security measures,” he says.
Puckerin believes that DeFi attacks and vulnerabilities have caused institutions to view the technology as amateur operations, and this is a significant problem for an industry that wants to be taken seriously.
Puckrin warns DeFi participants:
“The window to repair DeFi’s image is quickly closing, and taking security seriously is where that starts. We are no longer on the testnet, and the traditional financial world has no patience for incompetence.”
