Decentralized finance (DeFi) projects have suffered losses of approximately $2 million in three separate incidents over the past few days. These incidents highlight the various threats faced by DeFi users, including governance attacks, third-party vulnerabilities, and hacking attempts.

Atlantis Loans and Sturdy Finance, two lending platforms, were targeted in governance attacks and via a known vulnerability in their price oracle system, respectively. Additionally, the open-source nature of DeFi was exploited through a vulnerable tool called K3PR, resulting in losses of around $200,000 worth of K3PR tokens to the attacker's address.

The recent compromise of the Keep3r project due to an insecure vanity address tool called Profanity was warned about by decentralized exchange 1inch in September, and Wintermute lost $160 million to the same bug five days later. Composability between projects can lead to innovation but also creates risks when depending on external code, as seen in the $200 million Euler hack in March.