Architectural Concept Design Collection

  • CONTACT
  • MARKETCAP
  • BLOG
Finances Investing and Crypto News
  • BOOKMARKS
  • Finance
  • Investment
  • Crypto
    • Bitcoin
    • Blockchain
    • Ethereum
    • Forex
    • Tether
  • Market
    • Binance
    • Business
    • Investor
    • Money
    • Trading
  • News
    • Mining
    • NFT
    • Stocks
Reading: Hackers exploit audited DeFi protocols: What’s missing?
Share
  • bitcoinBitcoin(BTC)$105,829.66
  • ethereumEthereum(ETH)$2,522.91
  • tetherTether USDt(USDT)$1.00
  • rippleXRP(XRP)$2.18
  • binancecoinBNB(BNB)$652.92
  • solanaSolana(SOL)$151.06
  • usd-coinUSDC(USDC)$1.00
  • dogecoinDogecoin(DOGE)$0.185478
  • tronTRON(TRX)$0.284743
  • cardanoCardano(ADA)$0.67
Finances Investing and Crypto NewsFinances Investing and Crypto News
0
Font ResizerAa
  • Finance
  • Investment
  • Crypto
  • Market
  • News
Search
  • Finance
  • Investment
  • Crypto
    • Bitcoin
    • Blockchain
    • Ethereum
    • Forex
    • Tether
  • Market
    • Binance
    • Business
    • Investor
    • Money
    • Trading
  • News
    • Mining
    • NFT
    • Stocks
Have an existing account? Sign In
Follow US
© Foxiz News Network. Ruby Design Company. All Rights Reserved.
Finances Investing and Crypto News > Blog > News > Hackers exploit audited DeFi protocols: What’s missing?
News

Hackers exploit audited DeFi protocols: What’s missing?

admin
Last updated: 04/06/2025 5:01 Chiều
admin
Published 04/06/2025
Share


Contents
Recent attacks drive home the danger of economic exploitsBolstering audits with economic & game-theoretic analysisFounders must demand more from auditors

Disclosure: The views and opinions expressed here belong solely to the author and do not represent the views and opinions of crypto.news’ editorial.

DeFi is under attack—but not from the threats the industry is used to defending against. While developers meticulously scan lines of code for vulnerabilities, attackers have shifted tactics, exploiting economic weaknesses that lie unnoticed beneath flawless programming. 

For instance, the JELLY token exploit on Hyperledger, where attackers were able to siphon over $6 million from Hyperledger’s insurance fund, is a prime example. That exploit wasn’t caused by coding errors at all, but by gameable incentives and unpriced risks that no one had scrutinized.

DeFi cybersecurity has come a long way. Smart contract audits—designed to catch bugs in a software’s code—are the norm nowadays. But we urgently need to broaden its scope beyond mere lines of code. Smart contract audits are fundamentally inadequate unless they also analyze economic and game-theoretic risks. The industry’s over-reliance on code-only audits is outdated and dangerous, leaving projects vulnerable to an unending cycle of attacks.

Recent attacks drive home the danger of economic exploits

In March 2025, Hyperliquid’s exchange, which had its contracts audited, was ambushed by a $6 million exploit involving its JELLY token. How? Attackers didn’t find a bug in the code; they engineered a short squeeze by abusing Hyperliquid’s own liquidation logic, pumping JELLY’s price, and manipulating the platform’s risk parameters.

In other words, Hyperliquid’s designers hadn’t priced in certain market behaviors—an oversight that traditional audits didn’t catch. Hyperliquid’s case shows that impeccable code can’t save a project that’s built on shaky economic assumptions.

Shortly before the JELLY incident, Polter Finance, a lending protocol on Fantom, was drained of $12 million through a flash loan attack, another common type of attack that relies on economics, not coding vulnerabilities​. The attacker took out flash loans and manipulated the project’s price oracle, tricking the system into treating worthless collateral as billions in value. 

The code did exactly what it was supposed to, but the design was flawed, making it possible for an extreme price swing to bankrupt the platform. The exploit proved so devastating that Polter Finance, a promising project, was forced to cease operations. 

These are not isolated attacks/events; they’re part of a growing pattern in DeFi. In case after case, clever adversaries exploit protocols by manipulating market inputs, incentives, or governance mechanisms to trigger outcomes developers didn’t anticipate. We’ve seen yield farms gutted by reward loopholes, stablecoin pegs attacked via coordinated market moves, and insurance funds drained by extreme volatility. 

Bolstering audits with economic & game-theoretic analysis

Traditional audits check whether “the code does what it’s supposed to,” but who checks if “what it’s supposed to do” makes sense under adversarial conditions? Unlike a closed program, DeFi protocols live in a dynamic, adversarial environment. Prices fluctuate, users adapt strategies, and protocols interconnect in complex ways.

While most web3 teams are staffed with engineers who can catch software bugs during development, few have in-house economic expertise, making it critical for audits to fill that gap and identify vulnerabilities in incentive design and economic logic.

Truly rigorous audits include game-theoretic and economic analysis, which involve scrutinizing things like fee mechanics, liquidation formulas, collateral parameters, and governance processes. They force auditors to consider: “Given these rules, how could someone profit by bending them?”

For example, during an audit performed by Oak Security, we discovered that a perpetual swaps platform’s insurance fund could be completely drained by volatility because it hadn’t accounted for “vega risk”—the protocol’s sensitivity to volatility—in its pricing model​. This wasn’t a code bug at all—it was a design flaw that would have caused collapse in turbulent markets. Only a game-theoretic and economic deep dive caught it—and luckily, we were able to flag the issue before launch.

These economic exploits are well-documented, and not terribly difficult to spot––but they only surface when auditors are asking the right questions, and thinking beyond the code on the page.

Founders must demand more from auditors

Protocol founders should request that auditors examine all components of a trading system, including implicit logic and off-chain components, to ensure comprehensive security. In the best scenario, all mission-critical logic would be brought on chain.

If you’re a founder or investor, it’s critical to ask your auditors: What about oracle manipulation? What about liquidity crunch scenarios? Did you analyze the tokenomics for attack vectors? If the answer is silence or hand-waving, you need to dig deeper. 

The cost of these blind spots is simply too high—incorporating economic and game-theoretic analysis isn’t just a “nice-to-have”; it’s a matter of survival for DeFi projects. We need to cultivate a culture where code review and economic review go hand in hand for every major protocol. 

Let’s raise the bar now—before another multimillion-dollar lesson forces our hand.

Jan Philipp Fritsche

Jan Philipp Fritsche

Jan Philipp Fritsche is the managing director of Oak Security, a cybersecurity firm specializing in web3 audits. Prior to his role at Oak Security, Dr. Fritsche amassed extensive experience in econometric and risk modeling, holding positions at institutions such as the European Central Bank and DIW Berlin. He holds a Ph.D. in Economics from Humboldt University of Berlin.

You Might Also Like

Profit-sharing protocols are turning users into owners

Nervos Network loses $3M in Force Bridge exploit

Cetus DEX releases post-mortem following $223M exploit

DeFi needs a dose of paranoia about risk management |Opinion

Weather alerts: Where centralization kills—literally

TAGGED:auditedDeFiexploitHackersmissingprotocolswhats

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Email Copy Link Print
Previous Article Ethereum eyes recovery as institutions offload BTC for ETH
Next Article Sui rallies past $1.75B TVL as bitcoin and stablecoin flows spike
Leave a Comment

Để lại một bình luận Hủy

Email của bạn sẽ không được hiển thị công khai. Các trường bắt buộc được đánh dấu *

Follow US

Find US on Socials
FacebookLike
- Advertisement -
Ad image
Popular News
Solana indicators point north, bulls test $165 target
Emergency Funds: Importance and How to Build One
Debt Management: Strategies to Pay Off Debt Efficiently
Riot Platforms unloads 475 BTC in its biggest single-month Bitcoin sale to date
Revolut partners with Lightspark to add Bitcoin Lightning for UK and EEA users
- Advertisement -
Ad image

Follow Us on Socials

We use social media to react to breaking news, update supporters and share information

Twitter Youtube Telegram Linkedin
Finances Investing and Crypto News

FICN.net brings you the latest in finance, investment, and crypto. Stay informed with expert insights, market analysis, and beginner guides. Whether you're new or experienced, FICN.net helps you explore opportunities, manage risks, and make smarter financial decisions in a fast-changing world.

Subscribe to our newsletter

You can be the first to find out the latest news and tips about trading, markets...

Ad image
© 2024 Finance, Investment, and Crypto News. All Rights Reserved.
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?