Author: Andjela Radmilac
Compiled by: Saoirse, Foresight News
Original title: Under the shadow of hackers , it's not just about the loss of funds.
Cryptocurrency vulnerabilities can empty a wallet in minutes, but the full extent of the damage often takes months to materialize. Token prices plummet, project liquidity pools shrink, hiring freezes, and even projects that survive a hack may lose their future entirely in the ensuing turmoil.
Cryptocurrency hacks never end the moment wallets are emptied. The theft is swift and obvious, but a slower collapse then begins to spread within the project.
As token prices continued to fall, liquidity pools shrank, hiring plans were cut, product development was delayed, and partners withdrew one after another. Projects that should have been focused on recovery instead spent months rebuilding their reputation, rather than investing in development.
This is exactly the picture painted by Immunefi's latest "State of On-Chain Security Report 2026". Its core message applies to any market—whether it's the crypto industry or traditional sectors: initial losses are only part of the damage.
A more serious problem lies in the devastating impact of vulnerability attacks on the project's future. Immunefi data shows that the average direct loss from a single attack in its sample was approximately $25 million, with the median drop in value of stolen tokens reaching 61% within six months. During this period, 84% of the tokens failed to recover to their price on the day of the theft, and the project team had to spend at least three months on cleanup and remediation, disrupting normal development.
However, these data are based on certain premises: there are multiple reasons for the decline in tokens, and many projects were already vulnerable before the attack - poor liquidity, overvaluation, or had already lost their growth momentum.
Immunefi acknowledges that they cannot completely separate the impact of the hack from the overall market downturn and the project's own problems. Even so, the pattern revealed in the report is still noteworthy: the hack is no longer an isolated theft incident, but rather resembles a long-tailed corporate crisis.
The value of this report lies in its demonstration that the long-term effects of hacking attacks continue to cause harm even after the initial news coverage has faded.
Median attack losses are decreasing, but extreme attacks are becoming more dangerous.
According to Immunefi statistics, there were 191 crypto attacks in 2024-2025, with a total loss of $4.67 billion; and a total of 425 attacks in five years, with a total loss of $11.9 billion.
The number of attacks has remained almost unchanged from year to year: 94 in 2024 and 97 in 2025, roughly the same as in 2023. This indicates that the overall security of the market has not improved significantly. Hacking attacks have become commonplace in the crypto industry, and a few major attacks are enough to define the industry risk for an entire year.
The report reveals a core contradiction:
The median loss from attacks in 2024-2025 was $2.2 million, down from $4.5 million in 2021-2023. This appears to be progress. However, the average loss is still a staggering $24.5 million, more than 11 times the median; previously, the gap was only 6.8 times. The top five attacks accounted for 62% of all stolen funds; the top ten attacks accounted for 73%.
This is an extremely dangerous distribution pattern: the market appears stable and safe until a mega-event tears it apart. The scale of ordinary attacks becomes smaller, but the real lethal risk lies in the tail—a few major incidents can absorb the vast majority of losses and impact the entire market within a single day.
The most typical example is Bybit. The $1.5 billion vulnerability attack on the exchange became the most iconic hack of 2025, accounting for 44% of all funds stolen that year.
People may easily dismiss such events as news spectacles, but they expose a deeper problem of concentrated risk: the failure of a single core platform is enough to distort the annual loss structure of the entire industry, revealing that a few key nodes still harbor enormous risks.
A prolonged decline is the true beginning of a project's collapse.
While the data on stolen funds in the report is certainly noteworthy, the most alarming part is the section on price shocks.
Of the 82 stolen tokens sampled by Immunefi:
Within two days of the theft, the median drop was about 10%, roughly the same as the previous cycle;
But the real impact came later: the median six-month decline widened to 61%, up from 53% in 2021-2023.
Six months later:
56.5% of the stolen tokens saw a drop of more than 50%;
A 14.5% drop, exceeding 90%;
Only about 16% of the token prices have returned to levels above the day the theft occurred.
The chart shows the median price drop of the 82 hacked tokens in the Immunefi sample in 2024 and 2025 (Source: Immunefi).
To understand the full impact of a hack, we can no longer view token prices as an isolated market indicator. For the vast majority of crypto projects, tokens are their treasury, the foundation for fundraising, and a public record of their credibility. A prolonged crash will directly and severely damage a project's operational cycle, recruitment capabilities, bargaining power in partnerships, and internal morale.
The report points out that projects that have been attacked often lose their security leaders within weeks and enter a recovery period of at least three months. Even if the timeframe varies from project to project, the consequences are obvious: projects that suffer token collapse and brand damage have almost no room to recover or turn things around.
Many markets can withstand a theft, a bad quarter, or even a reputational crisis. But the crypto industry often compresses all three into a single event: an attack drains funds → token crashes and a public revaluation of the project → partners withdraw before internal cleanup is even complete.
Recovery under such circumstances is extremely difficult, and it is even more fatal for teams that are already short of funds.
Reliance on risk exacerbates the situation. Immunefi believes that the increasingly interconnected DeFi ecosystem has created a longer and more vulnerable risk chain between cross-chain bridges, stablecoins, liquidity staking, restaking, and lending markets.
While some cases in the report still require external verification, the general trend is undeniable: today's encryption systems are more complex, which means that the impact of an attack can spread far beyond the affected protocol itself.
Centralized platforms remain at the epicenter of the explosion.
The report shows that of the 191 attacks in 2024-2025, only 20 targeted centralized exchanges, but these 20 attacks caused losses of up to $2.55 billion, accounting for 54.6% of the total losses.
This shifts the focus from smart contract vulnerabilities to asset custody, key management, and over-centralization of infrastructure. For an industry that often touts "decentralization for risk mitigation," the majority of huge losses still occur in centralized nodes that heavily rely on trust.
However, this does not mean that all stolen projects are doomed to failure. The industry has entered a new phase: a project's survival no longer depends on whether it can withstand a single attack, but on whether it can withstand the six months that follow.
The theft was merely the beginning of the crisis. What truly determines the project's future is the long, slow, and continuous secondary damage that follows the attack.
Twitter: https://twitter.com/BitpushNewsCN
BitPush Telegram Community Group: https://t.me/BitPushCommunity
Subscribe to Bitpush Telegram: https://t.me/bitpush
