
DeFi Lending Risk Deconstructed: Annualized Loss is Only 0.03%

Set aside Prejudice, Reconsider the Security of DeFi Lending
Original Title: DeFi Lending has 3 bps Crime Drag on EVM and Solana
Original Author: Alex McFarlane, Founder of KeyringNetwork
Original Translation: Chopper, Foresight News


Every development in disruptive financial technology inevitably goes through growing pains, and decentralized finance (DeFi) is no exception. The early lending market went live quickly and expanded massively in scale, only to face a series of security attacks in the open market. It then gradually explored and improved code security, collateral asset risk management, oracle mechanisms, liquidation logic, and governance systems.


Past risk cases are instructive, but they can no longer represent today's mature DeFi ecosystem. After all, those who only replay history often miss the opportunities of the present.


Excluding cross-chain bridge security incidents, the estimated average annual loss of funds to theft and malicious attacks in DeFi lending on Ethereum Virtual Machine (EVM) chains and Solana is approximately 0.03% of the total value locked (TVL) in lending. All data in this analysis is aggregated from the hacks and exploits recorded by DeFi Llama.


The core criterion for assessing security risks is: How large is the actual exploit loss relative to the amount of funds in the market?


A loss rate of three basis points is roughly equivalent to the probability of an American dying from an accidental slip and fall. Setting aside the widespread market panic, the actual security risk of DeFi lending is therefore relatively low.


Breakdown of DeFi Security Incidents


As of May 16, 2026, DeFi Llama's statistics show that the total amount stolen from all DeFi protocols reached $7.751 billion, covering a wide range of categories. The data includes cross-chain bridges, decentralized trading platforms, derivative protocols, blockchain games-related projects, digital wallets, underlying infrastructure failures, and non-lending DeFi businesses.


Among them, cross-chain bridges are a high-risk area: Excluding cross-chain bridge-related security incidents, the total loss from theft in the DeFi sector is reduced to $4.518 billion.


Code executes exactly what is written, not what its developers intended, and this is the root cause of various vulnerabilities. Proper risk classification matters: DeFi is not a single sector with uniform risk. Cross-chain bridge theft, DEX oracle manipulation, wallet phishing scams, and collateral asset vulnerabilities in lending markets are all completely different types of risk.


Among all DeFi protocols, lending markets have experienced the highest frequency of attacks, mainly because large amounts of assets are held in their smart contracts, making them a prime target for hackers.



Lending protocols and Automated Market Makers (AMMs) are the high-risk areas for security incidents. What they have in common is the need to pool a significant amount of assets in smart contracts. Excluding cross-chain bridges, the majority of security events have been concentrated in these two types of protocols. This article focuses on the lending and money market sector for further analysis.


Significant Improvement in Fund Loss Rate


Today, the overall TVL of DeFi is much higher than it was during the industry's early, vulnerability-ridden period. In the lending sector in particular, project risk management systems are more mature, code audits are more comprehensive, and real-time network-wide risk monitoring has become more robust. After excluding cross-chain bridge incidents, the annualized actual loss to theft in DeFi lending on EVM chains and Solana has dropped significantly.



Euler set a classic example of risk response by successfully recovering all stolen assets. In 2023, Euler was hacked for $197 million. It not only fully recovered the funds but also recouped $240 million due to asset price fluctuations, achieving a net positive balance. This also highlights the gap between the industry's book losses and the amounts actually recovered.


Taking May 16, 2026 as the reference point, the data for the past year is as follows:


· Total book loss from theft in non-cross-chain EVM and Solana lending: $30.9 million


· Actual net loss after asset recovery: $30.1 million


· Average daily funds locked in the lending sector: $99.6 billion


· Book loss rate: 3.1 basis points


· Actual net loss rate: 3 basis points


Overall, the annual loss of funds remains stable at around 0.03% of the total value locked in the lending market.


Advantages of Asset Diversification


DeFi security incidents exhibit a clear bimodal distribution: a very small number of extremely large thefts account for the vast majority of publicly disclosed industry losses. Plotted on a logarithmic scale, the size of theft events approximately follows a log-normal distribution. Most security incidents result in small losses, with high-value thefts concentrated in a few extreme cases.



Despite ChatGPT proposing a different view, I believe this data strongly demonstrates that portfolio diversification is an excellent method to prevent crime.


From the perspective of risk transfer and commercial insurance, this data also provides reasonable support for security insurance in the industry. Insurers can set a per-claim limit for each protocol and underwrite in an orderly way.


Furthermore, the vast majority of theft incidents have limited impact, far from enough to shake the fund pool of the entire lending sector. The larger the sector as a whole, the smaller the impact of a single security event on the overall picture.



Note: In some theft incidents, the loss amount may appear to exceed the project's own locked value. Such cases are uniformly counted as a 100% loss.


There are two main reasons for this discrepancy. First, the locked value is recorded at a different time from the security incident, and the asset volume changes in between. Second, DeFi Llama's criterion for counting locked value is not consistent with the standard used to assess assets at risk.


Although this calculation method is not perfect, it is sufficient to reflect the industry's current situation clearly: the vast majority of exploits affect only a single business module within a lending protocol, and cases of total asset collapse are very rare, especially for large projects. This research data also provides a key basis for risk hedging and asset custody services in the DeFi industry.
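The arithmetic behind the basis-point figures and the 100% cap described above, as an added example (not the author's code and not DeFi Llama's schema). The record fields and sample incidents are constructed, sized so the in-scope totals match the article's $30.9 million book loss, $30.1 million net loss and $99.6 billion average locked funds, and are assumed to already fall within the trailing-year window.

```python
from dataclasses import dataclass

@dataclass
class Incident:
    protocol: str
    category: str            # hypothetical labels: "lending", "bridge", "dex"
    chain_family: str        # hypothetical labels: "evm", "solana"
    loss_usd: float          # book loss at the time of the exploit
    recovered_usd: float     # funds later returned or recovered
    protocol_tvl_usd: float  # protocol locked value near the incident

def in_scope(i):
    """Article's scope: lending on EVM or Solana, cross-chain bridges excluded."""
    return i.category == "lending" and i.chain_family in {"evm", "solana"}

def loss_rates_bps(incidents, avg_daily_tvl_usd):
    """Return (book, net) loss in basis points of average daily locked funds."""
    scoped = [i for i in incidents if in_scope(i)]
    book = sum(i.loss_usd for i in scoped)
    net = sum(i.loss_usd - i.recovered_usd for i in scoped)
    return book / avg_daily_tvl_usd * 1e4, net / avg_daily_tvl_usd * 1e4

def loss_fraction_of_tvl(i):
    """Per-incident severity, counted as 100% when loss exceeds locked value."""
    if i.protocol_tvl_usd <= 0:
        return 1.0
    return min(i.loss_usd / i.protocol_tvl_usd, 1.0)

# Constructed sample records (not real incidents).
SAMPLE = [
    Incident("lend-a", "lending", "evm", 22.0e6, 0.8e6, 400e6),
    Incident("lend-b", "lending", "solana", 6.4e6, 0.0, 5.0e6),  # loss > locked value
    Incident("lend-c", "lending", "evm", 2.5e6, 0.0, 900e6),
    Incident("bridge-x", "bridge", "evm", 150e6, 0.0, 300e6),    # excluded: bridge
    Incident("dex-y", "dex", "evm", 12e6, 1e6, 80e6),            # excluded: not lending
]
AVG_DAILY_LENDING_TVL = 99.6e9  # figure from the article

if __name__ == "__main__":
    book_bps, net_bps = loss_rates_bps(SAMPLE, AVG_DAILY_LENDING_TVL)
    print(f"book {book_bps:.1f} bps, net {net_bps:.1f} bps")
    for i in filter(in_scope, SAMPLE):
        print(i.protocol, f"{loss_fraction_of_tvl(i):.1%} of locked value")
```

The bridge and DEX records show why scope matters: including them would raise the numerator more than sixfold without changing the lending denominator.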


The Importance of Asset Recovery Capability


Asset recovery has also significantly improved the actual risk performance of the DeFi lending sector.


Looking at the overall DeFi theft data from DeFi Llama, the industry's total recovered assets amount to about 8% of the total book loss. After excluding cross-chain bridge events, the recovery ratio for EVM and Solana lending is higher, at around 20% of the book loss.


When asset theft occurs in regions with a sound legal system and mature regulatory governance, the success rate of fund recovery is generally higher. This also carries implications for the industry regarding admission permissions.


Promising Industry Outlook


Today, the security risks of the DeFi lending sector have become quantifiable and classifiable, and the actual loss ratio continues to decrease. The data shows that the industry has entered a mature stage of development: actual losses to vulnerability exploits are extremely low relative to the large volume of funds held in the sector, the different kinds of risk are clearly distinguishable, and the risk boundaries are becoming increasingly transparent.


Overall, there is no need to be swayed by pessimistic outside views. Data and facts are sufficient to attest to the true risk level of the DeFi lending sector.



