How The DeFi Industry Can Strengthen Its Cyber Defenses

Originally posted on: https://www.forbes.com/councils/forbestechcouncil/2025/11/10/how-the-defi-industry-can-strengthen-its-cyber-defenses/

Decentralized finance (DeFi) and digital assets have revolutionized finance. However, as these trends gain mainstream acceptance, cyber threats are evolving just as rapidly. 

With over 20 years in cybersecurity governance, risk and compliance, I’ve recently led projects concerning the regulatory requirements and risk assessments of digital assets. Through conducting risk assessments and designing compliance frameworks, I’ve seen both the increased scale of the risk and the efforts to address these concerns.

With cyberattacks becoming increasingly frequent, the question remains whether the DeFi industry is adequately prepared to combat these rising threats.

The Increasing Frequency Of Hacks

Digital assets have long been an attractive target for cybercriminals due to their pseudonymous transactions and relatively unregulated nature, but the attacks seem to be rising in both scope and frequency.

In fact, there have already been large-scale digital asset breaches just this year. The Lazarus Group is suspected of one of the largest digital assets heists in history, stealing $1.5 billionfrom Bybit’s Ethereum cold wallet. Likewise, Coinbase suffered a major insider-driven data breach affecting nearly 70,000 users, with attackers bribing overseas support agents to access sensitive personal information. The company now faces up to $400 million in remediation and security costs.

According to Chainalysis, at least $40.9 billion was received by illicit addresses in 2024, but they estimate the total may be closer to $51 billion. These developments indicate that digital asset hacks are no longer isolated incidents. Instead, they represent a systemic challenge that the industry must urgently address.

Likewise, M2 Recovery, an insurance company focused on recovering stolen digital assets, found that increasingly sophisticated methods like phishing and man-in-the-middle attacks are being used to steal digital assets. In 2023, their research showed that it cost upwards of £250,000 to investigate and recover lost assets.

Why DeFi Is Vulnerable

The DeFi ecosystem remains vulnerable to exploitation due to several structural weaknesses, including:

• Unaudited Smart Contracts: These self-governing computer programs that control digital agreements might have weak spots if they haven’t been carefully checked.

• Insecure Cross-Chain Bridges: These tools help move digital assets or data between different blockchains. However, these bridges must be built securely.

Furthermore, the industry’s focus on transaction speed and efficiency can lead to trade-offs that compromise security, leaving platforms vulnerable to exploitation.

Compounding these technical risks are regulatory gaps that hinder enforcement. Unlike the banking sector, many digital asset activities don’t have clear regulations yet, with different rules in different countries, creating ongoing uncertainty about how to manage compliance requirements.

Perhaps partly because of this uncertainty, the digital assets industry remains largely reactive, addressing security flaws only after breaches have occurred.

However, some security advancements in security are a cause for optimism.

For instance, many DeFi platforms now require multifactor authentication to prevent unauthorized access. Cold storage solutions have also become more prevalent, with leading platforms storing the majority of assets in offline cold wallets (registration required) to reduce exposure to online threats. Additionally, AI-powered fraud detection tools are being integrated into DeFi platforms to monitor transactions and suspicious activities.

Strengthening Cybersecurity 

To mitigate the increasing cyber threats, industry leaders must shift from reactive security measures to proactive strategies. Several key areas require improvement to ensure stronger defenses:

1. AI-Driven Security Solutions: AI-powered fraud detection systems can analyze transactions to spot unusual behavior and stop fraud. In fact, Deloitte has suggested that advanced technologies, like AI anomaly detection, are no longer optional but a necessity in fraud detection. 

2. Enhanced Regulation And Compliance: Governments and firms are working together to create clearer rules around digital assets. Regulations like the EU’s MiCAR framework and the U.S. SEC guidelines enforce transparency, anti-money laundering (AML) and know-your-customer (KYC) policies on DeFi platforms, helping prevent bad actors from abusing the system. The regulatory environment remains complex but is evolving toward stronger oversight.

3. Digital Asset Insurance And Asset Recovery: Digital asset insurance is growing, with firms offering policies to protect against hacks and losses. For example, firms review the effectiveness of insurance products and rapid asset-freezing techniques to recover stolen funds quickly and reduce losses.

While DeFi hacks are increasing at an alarming rate, these strategies can significantly reduce cybercrime risks and provide a safer environment.

It’s also important to note that the major breaches serve as a stark reminder that cybersecurity is not just about protecting assets but also safeguarding user data. Insider threats, social engineering and weak security protocols can lead to devastating consequences. DeFi’s future depends on how effectively it addresses these cyber threats.