How Did DeFi Miss $758M in Q3-2023?

DeFi is a great crypto space to be in. However, one of its downsides is the hacks and exploits. In 2023 alone, DeFi already lost $1.3 billion. More than 50% was during Q3, totaling $758 million.

This spread out over 116 cases. The De.Fi platform published a report about Q3’s DeFi exploits. So, we’re going to take a closer look at this DeFi report by De.Fi and recap it.


Source: De.Fi report

What Are the Exploit Trends in DeFi?

There’s an uptrend in DeFi exploits. There were 166 cases in Q3-2023. During the same Q3-2022, there were 110 cases. These cases consisted of scams, exploits, and sometimes also unintended losses. 

However, the top three cases stood out. They combined around 64% for Q3 23 with $484 million. For instance:

  • Multichain saw losses of $231.1 million.
  • The Mixin Network saw $200 million in losses.
  • CoinEx had a $52.8 million loss.

Access Control was the biggest culprit, with $319 million. It should come as no surprise that most losses are incurred on Ethereum. It’s the biggest chain in DeFi after all. Likewise, it accounted for 48.7% of all losses in Q3-2023. This involved 72 of the 116 cases. The BNB-Chain came in second with #13.5 million, while CEXes ‘only’ lost $37 million. Newer chains and L2s, like Arbitrum or Optimism, also saw losses. However, they were not as significant as Ethereum or BNB. You can check De.Fi’s database is here.


Source: De.Fi report
The Most Common Exploits

Rug pulls were the most common exploit. Q3 saw 78 rug pulls with $ $49.8 in losses. On the other hand, Access Control saw only 6 cases. However, these cases counted for $319 million, or 42%! Reentrancy attacks make up for 8 cases and $65.8 million in losses. This is when a bad actor keeps exploiting the victim’s smart contract, until it’s empty. There were also 12 incidents with General Exploits, causing $82.2 million damage. On a lesser scale, but still worth mentioning, there were, for example:

  • Flash loan attacks.
  • Honeypots.
  • Phishing. 
  • Oracle issues.


Source: De.Fi report
What Are the Attack Vectors?

Tokens were the prime target of all attack vectors. This vector saw a total of 80 cases. Exchanges were next in line, with 8 cases. These were mostly DEXes. Lending and borrowing protocols had a total of 4 cases. Furthermore, the emerging gaming and metaverse space saw a single case. However, this was a significant case. 

On the recovery side, there’s plenty of room for improvement. In Q3, there was only $8 million recovered. The space needs other platforms or measures to track and recover funds. The Lossless Protocol comes to mind. It provides features that can detect shady transactions.


Source: De.Fi report
Q3-2023 Top Cases

Let’s take a look at some top cases during Q3.

  • Multichain $231 million

Multichain was one of the big cross-chain bridge operators in the DeFi space. However, it saw exploits totaling $231 million. It also appears that this may have been a rug. The Chinese police first arrested the CEO, Zhaojun. Later, they also arrested his sister. 

Somebody withdrew $125 million, with $120 from the Fantom bridge. For more details, check this report from Chainalysis. Multichain ceased operations after these incidents.

  • Mixin Network $200 million

In September 2023, the Mixin Network experienced an exploit. The platform lost a staggering $200 million. The attacker was well-skilled. He looked for specific vulnerabilities. He found these in the database of the network’s cloud service provider. 

This had some serious and immediate impact. It resulted in the platform suspending all withdrawals and deposits. The native XIN token slumped by 8%.

  • CoinEx $52.8 million

CoinEx is a trading platform. They lost $52.8 million in September 2023. The bad actors managed to compromise the private keys of the platform’s hot wallets. In total, they exploited 9 different chains.

  • Vyper $50.5 million

Vyper is a compiler. This is a tool, needed to write smart contracts. However, there were a few Vyper versions that had a weak point. The attacker exposed these successfully. As a result, various projects lost funds, to the tune of $50.5 million. However, $6.8 million of the stolen funds was recouped.

  • Stake $41.4 million

Stake is a gambling platform. It also took a hit in September 2023. Once again, the bad actors managed to get control over the hot wallets’ private keys. As a result, they could attack various networks. For instance, Ethereum, BNB, and Polygon. This resulted in siphoning a wide token range from the platform. The bad actor still had $13 million sitting on the 3 chains in October.


Unfortunately, the DeFi space is vulnerable to hacks and exploits. This resulted in Q3-2023’s loss of $758 million. We looked at De.Fi’s report and recap it in this article.


The information discussed by Altcoin Buzz is not financial advice. This is for educational, entertainment, and informational purposes only. Any information or strategies are thoughts and opinions relevant to the accepted levels of risk tolerance of the writer/reviewers, and their risk tolerance may be different from yours.

We are not responsible for any losses that you may incur as a result of any investments directly or indirectly related to the information provided. Bitcoin and other cryptocurrencies are high-risk investments, so please do your due diligence.

Copyright Altcoin Buzz Pte Ltd.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.