The total value lost to exploits in decentralized finance protocols (DeFi) fell to $680.3 million in 2025, a 74% drop from the $2.62 billion recorded in 2022, according to a new report from Web3 security firm Immunefi. The data, cited by The Block, indicates that despite widespread industry concerns about the security risks associated with artificial intelligence, the DeFi ecosystem is becoming measurably more secure.
Steep decline in both total losses and average incident costs
The report highlights a parallel decline in the average loss per exploit, which fell by 75% from $6 million in 2022 to $1.5 million in 2025. This suggests that not only are there fewer large-scale attacks, but the financial impact of each successful exploit is also shrinking. Immunefi’s findings cover a wide range of on-chain protocols, lending platforms and cross-chain bridges that have historically been prime targets for attackers.
AI threats remain theoretical as real-world security improves
Much of the recent discussion surrounding DeFi security has focused on the potential for AI-powered attacks, including automated vulnerability scanning and advanced social engineering. However, Immunefi’s data suggests that actual security improvements – such as better audit practices, faster bug bounty programs, and more robust smart contract standards – are outpacing the threat landscape. The report notes that the DeFi sector is becoming increasingly secure, even as AI tools become more accessible to malicious actors.
What this means for the broader crypto ecosystem
For both institutional investors and private users, the downward trend in operating losses indicates a maturing market. Security remains a top priority for DeFi adoption, and the data provides concrete evidence that the industry’s investments in protective infrastructure are paying off. It also shifts the narrative from fear-driven headlines to a more balanced view of risk and reward in the decentralized finance sector.
Conclusion
The 74% reduction in DeFi exploit losses between 2022 and 2025 represents a major milestone for Web3 security. While no system is immune to attacks, the Immunefi report underlines that the ecosystem is learning from past incidents and building more resilient protocols. Continued vigilance and proactive safety measures will be essential to continue this positive trajectory.
Frequently asked questions
Question 1: What caused the 74% drop in losses from DeFi exploits?
The decline is attributed to improved smart contract audits, faster bug bounty programs, better incident response practices, and the overall maturation of security infrastructure in the DeFi ecosystem.
Question 2: Are AI-powered attacks a real threat to DeFi?
While AI tools are a growing problem, the Immunefi report indicates that actual security improvements have so far surpassed AI-driven threats. The industry is actively preparing for possible AI attacks.
Question 3: Which types of DeFi protocols were most affected by exploits in 2025?
The report covers a wide range of protocols, but cross-chain bridges and lending platforms have historically been the most targeted. The overall trend shows declining losses in all major categories.