Lending protocols are increasingly becoming the target of DeFi exploits as hackers focus on platforms with large vaults.
Over the past year, these protocols recorded 67 attacks, making them the most exploited type of DeFi application. With $53 billion in reported value locked, lending platforms remain highly attractive to attackers seeking high-value targets.
Technical vulnerabilities drive major losses
The main cause of losses in lending protocols is technical error.
Smart contract bugs led to the majority of incidents, accounting for $526 million lost across 48 events.
Compromised private keys or multisig wallets were the second largest contributor.
Even audited protocols experienced significant losses, with $515 million affected.
This highlights the persistent risk in permissionless, on-chain lending.
Protocols often rely on complex smart contracts to manage loans, collateral, and interest payments.
Flash loans can amplify vulnerabilities, allowing attackers to manipulate markets or trigger liquidations.
Some platforms use new tokens for interest, which exposes them to minting exploits.
Price manipulation and oracle errors also contributed to $65 million in losses across 13 incidents, showing multiple attack vectors remain unprotected.
High-value vaults attract hackers
Lending protocols hold significant amounts of stablecoins and major cryptocurrencies such as ETH and BTC, making them primary targets.
Smaller protocols and specific vaults are often exploited first.
Projects like Moonwell suffered attacks due to flaws in pricing data and Oracle integration, emphasizing the risks even in well-known platforms.
Unaudited code remains a major weakness. Among the top 30 DeFi hacks historically, 58.4 percent resulted from unaudited smart contracts.
Out-of-scope exploits caused $193 million in losses, and unaudited contracts lost $77 million across 24 incidents in the past year.
These figures underline the importance of thorough auditing, though audits alone cannot eliminate risk due to complex on-chain interactions.
User-Focused Attacks Continue to Rise
Hackers also target users through cloned decentralized exchanges.
These platforms appear legitimate but hold deposits and charge extra fees for withdrawals. End users remain vulnerable as the DeFi ecosystem expands, highlighting the need for careful interaction with new protocols.
Permissionless access allows rapid growth but exposes investors to sophisticated exploits.
Lending protocols continue to face elevated risks due to technical vulnerabilities and high-value vaults. Smart contract bugs, flawed oracles, and price manipulation remain the top causes of losses.
Despite audits and security measures, permissionless and complex on-chain systems make exploits likely. As DeFi usage grows, lending platforms will remain a key focus for attackers, requiring ongoing vigilance from developers and users.
The post Lending Protocols Face Growing Risk of DeFi Exploits first appeared on Coinfea.
