Immunefi says DeFi is 'getting safer' as exploit losses fall 74% from 2022 peak amid AI-driven security arms race

DeFi protocol losses tied to exploits are down 74% from a 2022 peak of $2.62 billion to $680.3 million in 2025, according to Web3 security firm Immunefi.

The industry also recorded a 75% decline in median loss per exploit from $6 million in 2022 to $1.5 million in 2025, a figure the company described as the "more telling metric."

The findings come from Immunefi’s 2026 Ecosystem Vulnerability Audit, a six-year analysis of exploit-driven losses across major blockchain ecosystems from 2020 through 2025.

According to the report, ecosystem-class attacks, including flash-loan oracle manipulations and reentrancy exploits affecting composability layers, shrunk from nearly 19% of losses in 2022 to under 1% in 2025.

At the same time, infrastructure failures, such as private-key compromises and database attacks, declined from 30.7% of losses in 2022 to 10.3% in 2025.