Disclosure: The views and opinions expressed here belong solely to the author and do not represent the views or opinions of the crypto.news editorial team.
DeFi is under attack, but not from the threats the industry has built its defenses around. Developers comb through lines of code for vulnerabilities, while attackers change tactics and exploit unnoticed economic weaknesses that sit beneath otherwise flawless programming.
Take the JELLY token exploit at Hyperliquid, where an attacker was able to siphon over $6 million from Hyperliquid's insurance fund. That exploit was not caused by coding errors, but by misaligned incentives and unpriced risks that no one had scrutinized.
DeFi cybersecurity has come a long way. Smart contract auditing, designed to catch bugs in software code, is standard practice these days. But the scope must extend beyond lines of code. Smart contract audits are fundamentally insufficient unless they also analyze economic and game-theoretic risks. The industry's overreliance on code-only auditing is outdated and dangerous, and it leaves projects exposed to an endless cycle of attacks.
Recent attacks highlight the risk of economic exploitation
In March 2025, the Hyperliquid exchange, whose contracts had been audited, was ambushed by a $6 million exploit involving the JELLY token. How? The attacker found no bug in the code. They engineered a short squeeze by abusing Hyperliquid's own liquidation logic, pumping JELLY's price and manipulating the platform's risk parameters.
In other words, Hyperliquid's designers had not priced in specific market actions. This is an oversight that traditional audits would not have caught. The Hyperliquid case shows that a project built on unstable economic assumptions cannot be saved by a clean audit.
Shortly before the JELLY incident, Polter Finance, a lending protocol on Fantom, was drained of $12 million through a flash loan attack, another common type of attack that relies on economics rather than coding vulnerabilities. The attacker took out a flash loan, manipulated the project's price oracle, and tricked the system into treating near-worthless collateral as if it were worth billions.
The code did exactly what it was supposed to do, but the design was flawed, allowing an extreme price swing to bankrupt the platform. The exploit proved so devastating that Polter Finance, a promising project, was forced to shut down operations.
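As an added illustration (not from the article, from Polter Finance or from Oak Security), here is a toy model of the design flaw just described: a lending pool that values collateral at the spot price of a manipulable market, beside one that prices off a time-weighted average with a deviation circuit breaker. All prices, parameters and the spike scenario are constructed.

```python
from collections import deque

LTV = 0.75  # loan-to-value ratio the pool grants (constructed parameter)

class SpotOracle:
    """Flawed design: collateral is valued at the latest pool price, so a single
    manipulated trade sets the price the lender trusts."""
    def __init__(self):
        self.price = None
    def observe(self, price):
        self.price = price
    def value(self):
        return self.price

class TwapOracle:
    """Hardened design: value collateral at a time-weighted average and refuse
    to price at all while spot deviates too far from that average."""
    def __init__(self, window=10, max_deviation=0.10):
        self.window, self.max_deviation = window, max_deviation
        self.history = deque()
    def observe(self, price):
        self.history.append(price)
        if len(self.history) > self.window:
            self.history.popleft()
    def value(self):
        twap = sum(self.history) / len(self.history)
        if abs(self.history[-1] - twap) / twap > self.max_deviation:
            return None  # circuit breaker: no pricing until the market settles
        return twap

def max_borrow(collateral_units, oracle):
    """Loan the pool grants against the collateral; zero while the oracle refuses."""
    price = oracle.value()
    return 0.0 if price is None else collateral_units * price * LTV

def simulate(oracle, fair_price=1.0, spiked_price=100.0, collateral_units=1000.0):
    """Constructed scenario: nine blocks at fair_price, then one block in which the
    pool price is pushed to spiked_price. Returns (loan granted, bad debt), where
    bad debt is the pool's loss if the collateral is really worth only fair_price."""
    for _ in range(9):
        oracle.observe(fair_price)
    oracle.observe(spiked_price)
    loan = max_borrow(collateral_units, oracle)
    return loan, max(0.0, loan - collateral_units * fair_price)

if __name__ == "__main__":
    print("spot-priced pool (loan, bad debt):", simulate(SpotOracle()))
    print("TWAP-priced pool (loan, bad debt):", simulate(TwapOracle()))
```

Both pools run the same lending code; only the economic assumption about where the price comes from differs, which is exactly the layer a code-only audit does not examine.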
These are not isolated events. They are part of a growing pattern in DeFi. In case after case, clever adversaries exploit protocols by manipulating market inputs, incentives, or governance mechanisms to trigger outcomes the developers never anticipated. We have seen yield farms hit by reward loopholes, stablecoin pegs attacked through coordinated market movements, and insurance funds drained by extreme volatility.
Enhancing audits with economic and game-theoretic analysis
Traditional audits check whether the code does what it is supposed to do, but do they check whether what it is supposed to do makes sense under adversarial conditions? Unlike closed programs, DeFi protocols live in a dynamic and hostile environment. Prices fluctuate, users adapt their strategies, and protocols interconnect in complex ways.
Most Web3 teams have engineers who can catch software bugs during development, but they have little in-house economic expertise. It is important that audits fill that gap and identify vulnerabilities in incentive design and economic logic.
A truly rigorous audit scrutinizes fee mechanisms, liquidation formulas, collateral parameters, governance processes, and more. It asks the auditor: "Given these rules, how could someone profit from bending them?"
For example, during an audit conducted by Oak Security, we found that the insurance fund of a perpetual swap platform could be completely drained by volatility because its pricing model did not account for "vega risk" (the protocol's sensitivity to volatility). This was not a code bug but a design flaw that would have caused a collapse in a turbulent market. Only a deep dive into game theory and economics caught it. Luckily, we were able to flag the issue before launch.
These economic exploits are well documented and not especially hard to find, but they only surface when the auditor asks the right questions and thinks beyond the code on the page.
Founders need to demand more from their auditors
Protocol founders must require that auditors examine every component of the trading system, including implicit logic and off-chain components, to ensure comprehensive security. In the best case, all mission-critical logic is brought on-chain.
If you are a founder or investor, it is important to question your auditor. What about oracle manipulation? What about liquidity crunch scenarios? Have you analyzed the tokenomics for attack vectors? If the answer is silence or hand-waving, you need to dig deeper.
The cost of these blind spots is simply too high. Incorporating economic and game-theoretic analysis is not just "nice to have." It is a matter of survival for DeFi projects. We need to cultivate a culture in which code reviews and economic reviews are routine for every key protocol.
Raise the bar now, before another multi-million dollar lesson forces our hands.
Jan Philippe Fritz
Jan Philippe Fritz is the managing director of Oak Security, a cybersecurity company specializing in Web3 auditing. Before his role at Oak Security, Dr. Fritz gained extensive experience in econometrics and risk modeling, holding positions at institutions such as the European Central Bank and Diuberlin. He holds a PhD in Economics from Humboldt University in Berlin.