Fewer than half of all DeFi protocols that suffer a hack or exploit survive the experience.

That’s according to research from Cozy Finance, a blockchain-based market that offers DeFi businesses “FDIC-like” insurance.

Cozy reviewed the experience of 64 projects that had at least $1 million in user deposits at the time of the hack. Only 39%, or 25 of those projects, survived.

“Many DeFi founders take a fatalistic view of hacks, striving to prevent them with best security practices but assuming that a hack will probably be project-ending,” Cozy’s report reads.

“A project surviving a hack is more likely than many think.”

Decentralised finance is plagued by hacks and exploits. The reason is simple: blockchain transactions are irreversible.

Once crypto is in a hacker’s wallet, no bank or government can void an illegitimate transaction on a victim’s behalf.

The consequences are staggering: more than $1.2 billion in crypto has been stolen this year, according to DefiLlama data. More than $9 billion has been stolen since 2016, when hackers took 3.6 million Ether — valued at about $60 billion — from The DAO in the first major crypto hack.

DeFi projects have become a particularly attractive target for North Korea. According to US law enforcement, crypto stolen by North Korea has been used to fund the country’s nuclear weapons programme.

The odds a DeFi project survived varied dramatically based on their ability to recover stolen crypto and to reimburse users, according to Cozy’s research.

About 44% of hacked projects reviewed by Cozy were able to recover some or all of the stolen money. Of those, 28% recovered the stolen crypto using “technical intervention,” and in 31% of cases, hackers or law enforcement returned the crypto.

They were almost twice as likely to survive the experience. And projects that were able to significantly reimburse users did even better.

Two-thirds of those that return 80% of the stolen crypto to users survived, according to Cozy. On the flip side, those that return only a quarter of user funds have an abysmal survival rate of 14%.

To be sure, recovering stolen crypto likely made it far easier to reimburse users. But even those that were unable to recover any crypto did far better when they found a way to reimburse users.

“Among the 26 projects with a reimbursement rate of less than 25%, only 12% of them survived,” Cozy found.

“Conversely, among the 10 projects with a reimbursement rate above 25% the survival rate soared to 80% and the 6 projects reimbursing above 60% had a 100% survival rate.”

Cozy Finance did not immediately return DL News’ request for comment.

Aleks Gilbert is DL News’ New York-based DeFi correspondent. You can contact him at aleks@dlnews.com.