The Cost of Open Finance: Comparing DeFi Insecurity to TradFi Banking Failures
Just how insecure is DeFi? We quantify the true cost of DeFi exploits and compare it against the traditional finance (TradFi) banking system to put the risk premium of open finance into proper context.
Introduction
As the decentralized finance (DeFi) ecosystem matures, one critical question continues to loom over institutional and retail participants alike: just how insecure is DeFi? To answer this, we set out to quantify the true cost of DeFi exploits and compare it against the traditional finance (TradFi) banking system. By looking at the percentage of total value locked (TVL) lost to hacks year-over-year, we aimed to contextualize DeFi's risk landscape. However, comparing the bleeding edge of open finance to the heavily fortified walls of traditional banking proved to be as complex as the protocols themselves.
Here is a breakdown of our methodology, the challenges of comparing "apples to apples," and what the data tells us about the true risk premium of participating in DeFi.
Defining the Scope: What Constitutes a "DeFi Hack"?
DeFi is built on public blockchains, making it incredibly convenient to find "on-chain" data. Every transaction, exploit, and drained wallet is permanently recorded. However, the abundance of data creates a categorization problem: where do we draw the line between a broad crypto hack and a specific DeFi exploit?
For this analysis, we chose to be strict. We wanted to isolate the systemic risks of decentralized financial protocols themselves.
- What we excluded: We filtered out broad crypto hacks (such as the infamous 2016 TheDAO event), bridge exploits, centralized exchange (CEX) compromises, wallet drains, and financial losses stemming from user misuse (e.g., phishing).
- What we included: Only direct exploits of DeFi protocols.
Drawing this line is not always clear-cut. For instance, when analyzing the recent Drift protocol incident, Aave founder Stani Kulechov argued it shouldn't be categorized as a strictly "DeFi" hack. Despite this, we chose to include it in our dataset to maintain a conservative estimate of protocol risk. This raises a recurring methodological question for the industry: should bridge hacks or user misuse be factored into the overall "DeFi risk profile," or do they belong in a separate security category? For now, we are keeping them separate to isolate protocol-level insecurity.
The Complexity of Calculating Lost Capital
Even when a hack is perfectly categorized, calculating the precise financial impact is notoriously difficult. On-chain theft is rarely a simple subtraction problem:
- Partial Recoveries and Whitehats: In many cases, a portion of the stolen funds is returned to victims, either through negotiations with the hacker or via whitehat interventions. For example, during the 1inch Hack in March 2025, an exploiter drained approximately $5 million due to a vulnerability in outdated Fusion v1 smart contracts. Following negotiations, most of the funds were returned, with the hacker keeping a portion as a "white hat" bounty.
- Insurance and Reimbursements: Sometimes deposits are insured, or the development teams step in to reimburse their users from treasury funds.
- Delayed Restitutions: In rare instances, funds are returned or unlocked long after the initial exploit, shifting the historical data.
- Interconnected Contagion: Because DeFi protocols are highly composable (the "money legos" effect), calculating the full downstream collateral damage of a single exploit can be staggering.
- Gross vs. Net Losses: We did not analyze how much money was ultimately saved, returned, or repaid — we only used the headline values of the hacks. Real net losses may therefore be lower than the figures shown here.
Despite these variables, we aggregated data from open sources and established a year-by-year overview of assets lost in DeFi from 2020 to 2026. If you notice any discrepancies in our public data, we encourage you to contact us so we can refine our models.
The 2008 Outlier and the TradFi Average
To put traditional bank failures into perspective, consider the 2008 financial crisis. Our data shows that the collapse involved $373.6 billion of banking assets out of a $13.90 trillion system — about 2.7%. Most of those retail deposits were insured, but the true cost was felt indirectly through job losses, inflation, and taxpayer-funded bailouts.
When we zoom out, 2008 was a massive outlier. Based on FDIC's annual data, the long-run average of TradFi failures is much lower:
- From 2001 to 2025, the average annual share of system assets held by failing institutions is roughly 0.31%.
- The median annual share is a microscopic 0.02%, heavily weighted by years where no banks failed at all.
- The 2008 crisis (2.7%) was roughly 8.8x higher than the 2001–2025 average.
A crucial wording distinction: this 0.31% metric does not mean 0.31% of banking assets were destroyed or stolen every year. It means that 0.31% of system assets were held by institutions that went insolvent. Thanks to the FDIC, insured depositors were made whole. In DeFi, an exploit usually means the capital is mathematically gone.
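To make both methodology sections concrete (the scoping and gross-versus-net rules in "The Complexity of Calculating Lost Capital", and the share-of-system-assets calculation behind the TradFi figures above), here is an added Python example. It is not code from this article or from pigi's tracker; every incident, TVL figure and annual TradFi share in it is a constructed placeholder, except the 2008 figures ($373.6 billion of $13.90 trillion) quoted above. The category labels and the `IN_SCOPE` set are assumptions that mirror the exclusion list given earlier.

```python
from dataclasses import dataclass
from statistics import mean, median

# Scope rule from the article: only direct exploits of DeFi protocols count.
# Bridges, CEXes, wallet drains and user misuse (phishing) are excluded.
IN_SCOPE = {"defi_protocol"}


@dataclass
class Incident:
    name: str
    year: int
    category: str          # assumed labels: defi_protocol, bridge, cex, wallet_drain, phishing
    headline_usd: float    # gross amount drained, as reported at the time
    recovered_usd: float = 0.0  # returned, whitehat-retained, insured or reimbursed later


# Constructed sample incidents (hypothetical names and amounts, not the article's data).
INCIDENTS = [
    Incident("Example lending pool", 2024, "defi_protocol", 50_000_000, 10_000_000),
    Incident("Example AMM (funds returned by whitehat)", 2024, "defi_protocol", 20_000_000, 20_000_000),
    Incident("Example bridge", 2024, "bridge", 100_000_000),
    Incident("Example CEX", 2025, "cex", 200_000_000),
    Incident("Example vault", 2025, "defi_protocol", 5_000_000, 4_000_000),
    Incident("Phishing campaign", 2025, "phishing", 3_000_000),
]

# Constructed year-end DeFi TVL in USD (hypothetical).
TVL_BY_YEAR = {2024: 100_000_000_000, 2025: 120_000_000_000}

# Constructed annual "share of system assets held by failing institutions", in percent.
# Most years are zero or near zero, which is why the median sits far below the mean.
TRADFI_SHARES = [0.0, 0.0, 0.02, 2.7, 0.5, 0.0, 0.01]


def in_scope(incident: Incident) -> bool:
    return incident.category in IN_SCOPE


def annual_losses(incidents, tvl_by_year, net=False):
    """Return {year: (loss_usd, pct_of_tvl)} for in-scope incidents.

    net=False uses headline (gross) values, as the article does; net=True
    subtracts recoveries, which is why net losses are lower than headlines.
    """
    totals = {}
    for inc in incidents:
        if not in_scope(inc):
            continue
        loss = inc.headline_usd - (inc.recovered_usd if net else 0.0)
        totals[inc.year] = totals.get(inc.year, 0.0) + loss
    return {y: (loss, 100.0 * loss / tvl_by_year[y]) for y, loss in sorted(totals.items())}


def share_of_assets(failed_institution_assets: float, system_assets: float) -> float:
    """Percent of system assets held by institutions that failed (not assets destroyed)."""
    return 100.0 * failed_institution_assets / system_assets


def tradfi_summary(annual_shares):
    """Mean, median and worst year of the annual failed-institution share."""
    return {"mean": mean(annual_shares), "median": median(annual_shares), "max": max(annual_shares)}


def outlier_ratio(year_share: float, average_share: float) -> float:
    """How many times larger one year's share is than the long-run average."""
    return year_share / average_share


if __name__ == "__main__":
    for label, net in (("gross", False), ("net", True)):
        for year, (usd, pct) in annual_losses(INCIDENTS, TVL_BY_YEAR, net=net).items():
            print(f"{year} {label}: ${usd:,.0f} ({pct:.4f}% of TVL)")
    crisis = share_of_assets(373.6e9, 13.90e12)   # 2008 figures from the article
    print(f"2008 failed-institution share: {crisis:.2f}%")
    print("constructed TradFi summary:", tradfi_summary(TRADFI_SHARES))
    print(f"2008 vs 0.31% average: {outlier_ratio(crisis, 0.31):.1f}x")
```

Run it directly to see how the same incident list yields different annual figures under gross and net accounting, and how the TradFi percentage measures assets at failed institutions rather than capital that disappeared.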
For the live dataset, charts, and full list of incidents, see the DeFi hacks tracker.