比特币橙子Trader
比特币橙子Trader|May 26, 2026 12:00
Why do institutions dare not invest large amounts of funds in DeFi? By understanding these three major hacking incidents, you will understand April 2026 was the worst month in the history of encryption to be hacked, with over $625 million stolen in a single month. The scariest thing is that these losses are not at all due to vulnerabilities in the smart contract code. Hackers have already shifted their focus to the operational base. List these three major cases of blood loss: 1. Drift's stolen $285 million code has passed two top-level audits, but the vulnerability lies in humans. The hacker spent half a year disguising himself as a quantitative organization and obtained multi signature authorization by getting close to the core team. At the moment when the team changed the security time lock to 0, the hacker Lightspeed took over the administrator privileges and took away $285 million in real assets within 12 minutes. 2. KelpDAO triggered a billion dollar run across the entire network, and the cross chain bridge was only equipped with one unique verification node. After the hacker dealt with this single point, they printed out fake tokens worth 292 million US dollars out of thin air and deposited them into Aave to borrow real assets. Due to the composability of DeFi, this small mistake triggered a run on Aave, causing the entire DeFi market to plummet by over $13 billion within 48 hours. 3. Wasabi's private key was stolen, resulting in a loss of 4.5 million, which is a typical example of excessive concentration of power. The administrator privileges are actually in a single person wallet that doesn't even have multiple signatures. After stealing the private key, the hacker directly upgraded the contract and emptied the pool. This low-level mistake, which has been warned countless times by the industry, is still repeating itself. The truth is that the vast majority of projects promoting decentralization on the market are essentially open finance that heavily relies on administrator privileges. As long as these privileged backdoors remain, smart contracts, no matter how perfect, are useless. If DeFi wants to attract real institutional funding, it must stop brainwashing marketing, be honest and open about its trust assumptions, and make daily operational security a top priority!
+4
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads