DeFi hacks average $25M — frontend/DNS vector rises
Immunefi data shows the average DeFi hack has climbed to roughly $25 million per incident, and teams are now reporting frontend/DNS hijacks and social-platform credential risks. In one such case, Neutrl paused its smart contracts after a suspected DNS frontend hijack. The pattern of breaches is shifting from simple exploits to multi-vector operational attacks. (theblock.co) (cryptotimes.io)
Immunefi’s 2026 State of Onchain Security counts 425 publicly disclosed hacks between 2021 and 2025 that together total $11.9 billion in losses, with 191 incidents in 2024–2025 responsible for $4.67 billion of that sum and 94 attacks in 2024 versus 97 in 2025. (theblock.co) The report records a compression in routine exploit size, with median losses declining to about $2.2 million from $4.5 million, while concentration rose: the five largest incidents accounted for 62% of funds stolen and the top 10 for 73%. (theblock.co) Immunefi explicitly flags a shift toward operational, multi-vector attacks (social engineering, brand/DNS compromises and reputational threats) and has built Magnus to add real-time monitoring for social engineering, frontend threats and onchain anomalies. (itnewsonline.com)
Neutrl’s incident timeline shows investigators traced the compromise to the protocol’s DNS provider via suspected social engineering, with the team publicly advising users on March 19 to revoke Permit2 approvals and stop interacting with the compromised frontend. (cryptotimes.io) After migrating its site to a new domain and switching DNS providers, Neutrl reported restoring services and unpausing contracts while explicitly warning users to avoid the old domain and to revoke any unknown approvals tied to the compromised address. (binance.com)
Analyses of recent attacks, most notably a March 12 BONKfun domain hijack that injected wallet-draining scripts without touching smart contracts, underscore why vendors such as Hypernative are marketing continuous frontend/DNS monitoring as a complementary control to on-chain audits. (dev.to)