This study systematically assesses 1,036 profit-driven criminal incidents in the DeFi ecosystem from 2017 to 2022, revealing their severity—cumulative losses exceeding $10 billion, accounting for one-third of total industry losses—and structural patterns. Employing event-based data mining and qualitative coding, we construct the first empirically grounded DeFi crime taxonomy and introduce a novel three-tiered actor model (target/victim, perpetrator, intermediary), enabling the first layered mapping and attribution of criminal behavior to the DeFi technology stack (protocol, smart contract, asset, and application layers). Results show that 52% of incidents directly targeted DeFi participants—accounting for 83% of total losses—while 41% involved DeFi participants as perpetrators, responsible for only 17% of losses. This framework provides an actionable analytical foundation for real-time risk monitoring, regulatory response, and secure protocol design.

Decentralized finance (DeFi) has been the target of numerous profit-driven crimes, but the prevalence and cumulative impact of these crimes have not yet been assessed. This study provides a comprehensive assessment of profit-driven crimes targeting the DeFi sector. We collected data on 1141 crime events from 2017 to 2022. Of these, 1036 were related to DeFi (the main focus of this study) and 105 to centralized finance (CeFi). The findings show that the entire cryptoasset industry has suffered a minimum loss of US$30B, with two-thirds related to CeFi and one-third to DeFi. Focusing on DeFi, a taxonomy was developed to clarify the similarities and differences among these crimes. All events were mapped onto the DeFi stack to assess the impacted technical layers, and the financial damages were quantified to gauge their scale. The results highlight that during an attack, a DeFi actor (an entity developing a DeFi technology) can serve as a direct target (due to technical vulnerabilities or exploitation of human risks), as a perpetrator (through malicious uses of contracts or market manipulations), or as an intermediary (by being imitated through, for example, phishing scams). The findings also show that DeFi actors are the first victims of crimes targeting the DeFi industry: 52% of events targeted them, primarily due to technical vulnerabilities at the protocol layer, and these events accounted for 83% of all financial damages. Alternatively, in 41% of events, DeFi actors were themselves malicious perpetrators, predominantly misusing contracts at the cryptoasset layer (e.g. rug pull scams). However, these events accounted for only 17% of all financial damages. The study offers a preliminary assessment of the size and scope of crime events within the DeFi sector and highlights the vulnerable position of DeFi actors in the ecosystem.