DEFI has shed more than half its value since October
Decentralized finance total value locked has fallen from roughly $167 billion in October 2025 to around $71 billion, as a broad crypto correction and a record wave of exploits drain capital from the sector.
Capital Drains from DeFi
Money is leaving decentralized finance at a pace that is difficult to ignore. DefiLlama data shows total value locked (TVL) has collapsed from a peak near $167 billion in October 2025 to around $71 billion now, more than halving in roughly eight months. The chief product officer at risk intelligence platform CORE3 put a finer point on it, noting that TVL dropped from $164 billion prior to the October liquidation event to approximately $73 billion, according to Crypto Economy.
Two forces are pulling capital out. The broader crypto correction has rotated money toward AI stocks, with BlackRock noting that AI is taking oxygen away from $BTC-native and other non-AI assets. And the hack problem in DeFi has become relentless.
A Record Quarter for Exploits
The second quarter of 2026 was the worst stretch on record for DeFi exploits by incident count. According to DefiLlama data cited by Unfolded, 83 separate hacking incidents were recorded in Q2 2026, resulting in $755.3 million in losses and making it the most-hacked quarter by incident count. The Financial Times reported that nearly $14 billion was pulled from the sector in direct response to the attacks.
The biggest attacks in Q2 were the $293 million KelpDAO exploit and the $280 million Drift Protocol breach, which accounted for more than three-quarters of the losses recorded during the period. Cross-chain bridge vulnerabilities emerged as the dominant attack vector, accounting for $351 million, or nearly half, of the quarter's total losses.
North Korean state-linked hackers around the Lazarus Group are believed to have accounted for approximately 76% of crypto-related hack losses globally this year, including the Drift and KelpDAO heists. Notably, neither the Drift nor KelpDAO exploits stemmed from flawed smart contract code. Both attacks exploited operational and infrastructure weaknesses instead.
The figures suggest that cybercriminals are increasingly opting for smaller but more frequent attacks rather than relying on occasional mega-heists. Mitchell Amador, CEO of bug bounty platform Immunefi, stated that the proliferation of new artificial intelligence models has tilted the playing field in favor of attackers, generating what he described as a "vulnerability apocalypse."
Sources:
Crypto Economy: Q2 2026 most-hacked quarter, $755M stolen
Finextra: DeFi hacks are exploding
AltFins: DeFi Hacks 2026, $840M+ Lost
Latest News
Read More...
(Advertisement)
Author
Crypto RichRich has been researching cryptocurrency and blockchain technology for eight years and has served as a senior analyst at BSCN since its founding in 2020. He focuses on fundamental analysis of early-stage crypto projects and tokens and has published in-depth research reports on over 200 emerging protocols. Rich also writes about broader technology and scientific trends and maintains active involvement in the crypto community through X/Twitter Spaces, and leading industry events.