Crypto-related crime is increasingly migrating away from traditional targets such as centralized exchanges and into decentralized finance, according to CipherTrace’s latest Cryptocurrency Crime and Anti-Money Laundering Report. Based on data from the first four months of the year, the report argues that while the broader cryptocurrency industry appears to be becoming more secure in aggregate, the center of gravity for attacks has shifted toward DeFi applications and protocols.
Lower Total Losses, But a Different Threat Landscape
CipherTrace found that total losses from illicit activity across the crypto sector reached $432 million during the period it studied. That figure is substantially lower than the $1.9 billion the firm said was stolen during 2020. On the surface, that suggests improved security across parts of the industry. But the report’s more important conclusion is that attackers are not disappearing—they are redirecting their efforts.
According to CipherTrace, DeFi scams and exploits accounted for $156 million in losses in the period covered by the report, already exceeding the amount taken from the sector during all of 2020. In other words, even as the overall crypto environment may be losing less money to crime than in the prior year, DeFi is absorbing a rapidly growing share of that damage.
The company links this trend to the explosive growth of decentralized finance itself. CipherTrace said DeFi now represents more than one-third of all Ethereum activity, making it a much larger and more attractive hunting ground for hackers, scammers, and opportunistic insiders than it was just a year earlier.
Why DeFi Has Become a Prime Target
The report highlights several reasons why DeFi has become especially vulnerable. First, smart contracts can be exploitable, particularly when projects move quickly, deploy unaudited code, or fail to anticipate adversarial behavior. Second, end users may be more exposed to manipulation in environments where protocol interactions are complex and risk disclosures are uneven. Third, DeFi has become closely associated with rug pulls, in which project teams or insiders alter key logic, remove liquidity, or otherwise drain value from users.
These features do not make all DeFi platforms unsafe, but they do create a security profile that differs from that of centralized exchanges. In DeFi, the attack surface often extends beyond a company’s infrastructure into token economics, governance design, private key custody, and immutable code deployed on-chain. As capital concentration rises, the consequences of failure rise with it.
Major Cases Cited in the Report
CipherTrace pointed to several high-profile incidents to illustrate the scale and variety of DeFi-related losses. The largest case mentioned was the exploit involving PAID Network, where attackers were able to mint roughly $150 million worth of the project’s currency. The project acknowledged the incident and responded by pulling liquidity and minting another token, but the damage to holders was severe. According to the report, PAID lost more than 85% of its value, inflicting heavy losses on investors and users caught in the fallout.
Another major event involved Easyfi, a Polygon-based DeFi protocol. CipherTrace said the project lost around $80 million because of a security weakness that enabled hackers to steal wallet private keys from the computer of a team member. The case underscored a recurring reality in decentralized systems: even when protocols are marketed as trust-minimized, operational security at the human level can still become the single point of failure.
The report also referenced the incident involving Meerkat Finance, where approximately $31 million in BNB was taken after the team modified the logic of the smart contract. CipherTrace described the event as a significant hack and noted that it was suspected to have been a rug pull. The case added to concerns that in some parts of the DeFi market, insider risk can be just as important as outside attacks.
DeFi Growth and Security Pressure
The broader implication of the report is that DeFi’s success may be amplifying its own security problems. As more liquidity flows into decentralized protocols, the incentives for attackers increase. At the same time, many projects compete on speed, novelty, and yield, sometimes at the expense of battle-tested controls. This combination can create ideal conditions for exploits, private key compromises, and governance abuses.
CipherTrace’s findings suggest that the industry should not interpret lower aggregate losses as proof that crypto crime is fading. Instead, the data points to a transition: the problem is moving into a newer and faster-growing segment of the market. That makes risk analysis more complex, because losses may arise not only from exchange breaches or straightforward scams, but also from code vulnerabilities, token minting flaws, contract upgrades, and administrative privilege misuse.
For investors and users, the report reinforces the importance of understanding how a DeFi protocol is structured before committing capital. Security audits, key management practices, transparency around admin controls, and the ability of a team to modify contracts all matter. For the industry at large, the report serves as another reminder that decentralized finance cannot scale sustainably without stronger security discipline.
CipherTrace ultimately expects hacks and exploits in DeFi to continue, potentially at an even larger scale, as the sector becomes more relevant to the broader crypto economy. If that outlook proves correct, DeFi will remain not only one of crypto’s most innovative frontiers, but also one of its most consequential security battlegrounds.

