Post-hack Recovery is hard for DeFi Protocols; Majority Vanish

  • After the hack, most DeFi protocols see around a 96% drop in TVL. 
  • A significant cause is the supposed loss of trust and exposed vulnerability. 

There’s a famous quote that says, Why do we fall? So we can learn to pick ourselves up. Decentralized Finance protocols get hacked; some recover while some don’t. But even after they could recover the lost fund, picking themselves up is not always possible. Studies show that after the hack, most DeFi protocols fail to heal and fade away, and their TVL takes a big hit.

Defi Protocols, Hacks, and Recovery

DeFi lending protocol, Euler Finance suffered a $200 Million hack in March 2023, but they somehow managed to recoup the lost funds. At press time, the Total Value Locked (TVL) was just $114,575, around $299 Million in March. The study involving the top five hacks in dollar terms shows that TVLs at these protocols were down by at least 96%. 

Source: Euler; Defillama

Beanstalk was hacked for $181 Million on April 17, 2022; TVL then was $36 Million. Currently, it is down by 100%, with a TVL of $0.0. CREAM suffered the attack of $130 Million on October 27, 2021. TVL then was $1.639 Million, currently $52 Million, and down by 97%. 

BonqDAO also faced a $120 million hack on February 1, 2023. TVL was then $13 Million; now it is $0.0, down by 100%. BadgerDAO was also hacked for $120 Million on December 2, 2021; TVL then was $1,211 Million, currently hovering around $42 Million, and down by 96%. Mango Markets lost $115 Million on October 10, 2022; TVL at the time was $115 Million and currently is down by 100% to $0.0.

Euler managed to recover the lost fund on April 3, 2023, but it is still down by 28%. Hardships for the protocol do not end here; its Head of Risk, Seraphim Czeclar, stepped down from the position on April 19, 2023. 

Even though every protocol mentioned above was hacked differently, a typical drop-in TVL is an unforeseen similarity. Beanstalk hackers used hyper-short or flash loans to exploit the protocol and used governance attacks for further damages. 

Flash loans were also involved in CREAM’s hack, but the hacker manipulated the protocol into thinking that the hacker-controlled $3 Billion worth of assets. He deposited as collateral and drained the protocol from a considerable sum of lendable assets. 

BonqDAO hack involved manipulating price feeds, which, similar to CREAM, made protocol think that the hacker owned more tokens than they did. BadgerDAO’s case involved a Phishing attack, while Mango Markets’ hack was the exploitation of their loopholes. 

Even after the developers removed the vulnerability, getting up was difficult for them after the fall. Their reputation as a trusted protocol gets damaged; even if they claim to have indulged multiple governance protocols dedicated to its recovery, they fail to attract investors. 

For instance, Uranium Fiance suffered a hack of $57 Million in 2021, which made them disappear forever. Thorchain was attacked twice for $8 Million and $5 Million in 2021, but they are surviving with a TVL drop of around 57% and the overall drop of $44%. 

Hack on a protocol hinders the investors’ trust, so they start moving away from them. So picking themselves up from falling is a more demanding task for some than others. 

Nancy J. Allen
Latest posts by Nancy J. Allen (see all)

Source: https://www.thecoinrepublic.com/2023/04/23/post-hack-recovery-is-hard-for-defi-protocols-majority-vanish/