Decentralized Finance (DeFi) is on the way to revolutionize financial services by offering transparency, accessibility, and autonomy. However, as the sector expands, so do the risks. A recent study titled Mapping the DeFi Crime Landscape: An Evidence-Based Picture sheds light on the scope and scale of illicit activities within the DeFi ecosystem, providing much-needed data to understand the vulnerabilities in this rapidly evolving space.

Bernhard Haslhofer, Co-Founder and Head of Research & Development at Iknaio, played a key role in this study. His research contributes significantly to understanding and classifying the risks associated with DeFi and provides the financial industry with essential insights to navigate this emerging field.

A Multi-Billion Dollar Problem

Between 2017 and 2022, the crypto industry suffered an estimated minimum loss of $30 billion due to criminal activities, with DeFi accounting for one-third of these losses. The study categorizes these crimes into three primary forms of exploitation:

1. DeFi Actors as Targets – 52% of incidents involved direct attacks on DeFi platforms, primarily exploiting technical vulnerabilities such as contract flaws, oracle manipulation, and transaction-based attacks.

2. DeFi Actors as Perpetrators – 41% of incidents were cases where DeFi projects themselves engaged in fraudulent activities, most commonly rug pulls or other contract-based manipulations.

3. DeFi Actors as Intermediaries – 7% of cases involved impersonation attacks, where malicious actors used phishing campaigns or front-end attacks to deceive users.

Technical Weaknesses: The Leading Risk Factor

The study highlights that smart contract vulnerabilities remain the Achilles' heel of DeFi. More than 30% of all recorded crime events stemmed from contract flaws, ranging from access control loopholes to re-entrancy exploits. These attacks, often highly technical, result in significant financial losses, with some individual incidents exceeding $1 billion in damages.

Interestingly, while DeFi platforms were frequently targeted, they were not always the most financially damaging victims. The research found that human risk factors, such as insider collusion or poor security practices, resulted in some of the highest-value thefts per incident—often exceeding $2 million per event.

Where Do the Biggest Losses Occur?

The research mapped crime events across different layers of the DeFi tech stack, revealing that:

• The most exploited layers were DeFi protocols and cryptoassets, with the DeFi Protocol Layer experiencing the highest number of attacks.

• The highest financial damages occurred at the interface level, where front-end and oracle-based exploits allowed hackers to extract significant sums.

• Rug pulls and market manipulation schemes were overwhelmingly concentrated in the cryptoasset layer, where malicious actors created deceptive tokens and liquidity pools to siphon funds from users.

Enabling Financial Institutions to Assess DeFi Risks

A key takeaway from this study is that financial institutions are exposed to DeFi risks—whether directly or indirectly. These risks are often underestimated because traditional risk assessment tools are not designed to detect DeFi-specific threats.

Iknaio’s advanced data platform provides the numbers, data, and insights that make such research possible. Without precise, data-driven visibility into blockchain transactions and the risks they entail, neither financial institutions nor regulators can fully grasp the exposure to DeFi-related threats.

Iknaio’s solutions empowers financial institutions, regulators and supervisory authorities to:

• Quantify and understand DeFi exposure in a structured and data-driven way.

• Mitigate risks proactively by identifying suspicious transactions, protocol vulnerabilities, and fraud patterns.

• Leverage DeFi opportunities securely, ensuring compliance with existing regulatory frameworks while exploring new financial innovations.

Final Thoughts

As DeFi matures, it faces a dual challenge: preserving its decentralized ethos while fortifying itself against increasingly sophisticated attacks. The study provides a scientifically grounded  foundation for policymakers, developers, and investors to make informed decisions and build a safer, more resilient DeFi ecosystem.