Data from The Block reveals that a total of $606 million has been stolen in DeFi (Decentralized Finance) attacks in the year 2021, so far.

The year 2021 has seen the cryptocurrency space witness 70 of the biggest DeFi exploits across four blockchain platforms. The majority of the exploits happened on Ethereum, with 34 exploits. Coming in second place is the Binance Smart Chain (BSC) with 25 exploits. Three exploits were perpetuated on Polygon and two on Avalanche.

According to the data, $1.31 billion was initially taken from DeFi protocols through exploits and bugs, but $704.25 million has been returned.

What you should know

Data revealed that Cream Finance has the largest exploit this year with $130.8 million stolen from the DeFi platform. This attack accounted for 21.58% of the total DeFi exploits.

Close runner up was the exploit that happened on Compound, where $62 million was stolen from the platform, accounting for 10.23%. Uranium Finance took the third spot with $51 million stolen from the platform, accounting for 8.41% of total attacks.

There were 34 flash loan attacks accounting for $355.01 million of the total attacks, with the highest month being October, where $150 million was stolen. Flash loan attacks account for 58.57% of the total exploits for the year.

Exploits that did not involve using flash loans accounted for $251.123 million, with September being the highest month with $117.9 million stolen from DeFi platforms. They account for 41.43% of the total exploits for the year.

The Ethereum blockchain accounted for a total $363.65 million of the stolen funds, accounting for approximately 60% of the total funds stolen during the year. The Binance Smart Chain (BSC) accounted for the second-largest, with $200.43 million stolen in 2021, so far, accounting for 33% of the total exploits. Polygon accounted for $2.65 million.

Three of the five biggest hacks were for Poly Network, which lost $611 million in total before it was then all returned. Late last month, Cream Finance was exploited for $130 million using a large flash loan. Compound also suffered a bug in September that led to the unintended release of $114 million in COMP tokens, of which about half was returned.


August was the month with the largest recovered funds with $634.15 million recovered while May was the month where the most funds were stolen, accounting for $158.78 million. The data doesn’t include rug pulls and other crypto swindles as it only focused on DeFi protocol exploits.