Halborn rated the largest hacks in the Defi sector for February 2025

February 2025 was the most profitable month for hackers in the field of decentralized finance (Defi). The total losses amounted to about $ 1.5 billion, which significantly exceeded the indicators of past periods. The main event was the BYBIT bunny, which ended in the theft of $ 1.4 billion. The researchers recalled that this amount exceeded the previous record by more than 2 times.

In addition to Bybit, 3 more attacks were recorded, within the framework of which hackers were able to steal over $ 1 million. The Ionic Money project lost $ 8.6 million after a successful attack using social engineering methods. On the Zkland platform, cybercriminals took advantage of the rounding error and withdrew $ 9.5 million. Infini digital platform lost $ 50 million due to the actions of a former developer who had access to a private key.

Researchers emphasized that BYBIT HABLE organized a group of hackers from the DPRK – Lazarus Group. Attackers introduced the harmful version of Safe UI, deceiving the validators and conducting a malicious update of the cartoon. Such an attack allowed them to gain control over the main Ethereum wallet.

Experts note that the main vulnerabilities are associated not only with the smart contract code. In many cases, social engineering and a leak of confidential data played a decisive role. The head of the security department Halborn Jacques Boshung emphasized that even with a good audit, it is necessary to pay attention to the protection procedures outside the blockchain.

Lessons from these incidents boil down to the fact that the safety of Defi projects should be complex. Some technical measures are not enough if there are no reliable processes and there are problems with access control. The latest experience was confirming that hackers continue to improve their attack methods, and projects should adapt the protection systems in a timely manner.

Author

Peter Ivanov