An empirical study of attack-related events in DeFi projects development
Empirical Software Engineering (IF 4.1), Pub Date: 2024-02-23, DOI: 10.1007/s10664-024-10447-7
Dongming Xiang, Yuanchang Lin, Liming Nie, Yaowen Zheng, Zhengzi Xu, Zuohua Ding, Yang Liu

Decentralized Finance (DeFi) offers users decentralized financial services that are associated with the security of their assets. If DeFi is attacked, it could lead to considerable losses. Unfortunately, there is a lack of research on how DeFi developers respond to attacks during the development process. This lack of knowledge makes it difficult to identify which attacks to protect against and to create a comprehensive attack response system. This paper presents an empirical study to understand the current state of developers’ response to attacks during the development process. In addition, we build an analytical framework to help developers take preventive measures against attacks. Our research has revealed that Overflow Attack-related events are the most frequent (63, 19.75% of all attack-related events), and high-value DeFi projects tend to have more feedback and active development activities. We have observed that most of the attack instances (61, 85.92%) do not have corresponding attack-related development events, which can lead to a lack of trust between project teams and users if it is unclear whether the team responds to attacks. Furthermore, we have noticed that after the resolution of the same attack-related event, some attacks may recur, even though they could have been prevented. Consequently, we suggest some future research directions and provide some advice for DeFi project developers.




Updated: 2024-02-24