Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
A cryptocurrency hack does not conclude when the wallet is emptied. The initial theft occurs swiftly and is highly visible, followed by a gradual deterioration that affects the remainder of the project.
The token continues to decline, the treasury diminishes alongside it, hiring initiatives are scaled back, product timelines are postponed, partners withdraw, and the organization that was meant to recover spends months striving for credibility instead of progressing.
This is the scenario depicted in Immunefi’s latest “State of Onchain Security 2026” report. Its premise is straightforward enough for any market, whether crypto or otherwise: the initial loss is merely one aspect of the overall damage.
The significantly larger issue arises from the impact the exploit has on a project’s future. Immunefi reports that the average direct theft in its analysis amounted to approximately $25 million, while hacked tokens experienced a median decline of 61% over six months. During this period, 84% did not return to their price on the day of the hack, and teams lost at least three months in recovery efforts.
However, these figures come with important considerations. Token prices can drop for various reasons, and hacked projects are frequently vulnerable prior to an exploit. Some may be illiquid, overvalued, or already losing traction.
Immunefi recognized that it cannot always completely distinguish hack-related damage from broader market weaknesses or project-specific issues. Nevertheless, the trend it outlines warrants attention as it illustrates that hacks no longer function as isolated thefts; they now resemble prolonged corporate crises.
This is what lends significance to the report: it demonstrates how frequently the aftermath of a hack continues to inflict harm long after the initial headlines have faded.
The median hack may have decreased in size, but the most severe incidents have become more perilous
Immunefi recorded 191 hacks during 2024 and 2025, totaling $4.67 billion, bringing its five-year total to 425 hacks and $11.9 billion in losses.
The annual count remained relatively unchanged, with 94 known hacks in 2024 and 97 in 2025, nearly identical to 2023. This indicates that the market has not made significant strides toward enhanced safety. Hacks have become an everyday occurrence in crypto, while the most significant incidents continue to define the year.
The primary contradiction presented in the report lies within the averages.
The median theft during 2024-2025 was $2.2 million, down from $4.5 million in 2021-2023. At first glance, this may appear to be progress. However, the average theft still reached approximately $24.5 million, over 11 times the median. In the previous period, that disparity was 6.8 times. The top five hacks accounted for 62% of all stolen funds, while the top 10 represented 73%.
This distribution is particularly hazardous. It creates an illusion of safety and stability in the market until a major event disrupts it. Thus, while the typical exploit may be smaller than in the past, the real danger lies in the tail. This is where a few significant failures absorb the majority of the damage and can crash the market in a single day.
Consider Bybit. The exchange’s $1.5 billion exploit became the defining hack of 2025 and, according to Immunefi’s calculations, represented 44% of all funds stolen that year.
It is easy to view such an event as a spectacle. However, it highlights a much deeper concentration issue. A single failure at a major venue can skew the industry’s annual loss profile and reveal how much risk remains concentrated in just a few critical chokepoints.
Related Posts
The prolonged decline is where projects begin to falter
While the report’s data on theft is certainly noteworthy, the most striking aspect is its section on price damage.
In Immunefi’s analysis of 82 hacked tokens, the initial shock was largely consistent. The median decline over two days was around 10%, which aligns with the earlier cycle. However, the most significant impact was observed later, as the median six-month decline increased to 61%, up from 53% in the 2021-2023 study.
At the six-month mark, 56.5% of hacked tokens had fallen by more than half, and 14.5% had decreased by over 90%. Only about 16% traded above their price on the day of the hack six months later.
Chart showing the median token price decline from Immunefi’s sample of 82 hacked tokens in 2024 and 2025 (Source: Immunefi)
To grasp the full impact of a hack, it is essential to stop viewing token prices as an isolated market characteristic. For most cryptocurrency companies, the token serves as a treasury, financing base, and often a public scorecard. A prolonged downturn directly affects a company’s runway, recruitment capabilities, deal-making leverage, and internal morale.
The report indicated that hacked projects frequently lose security leadership within weeks and spend at least three months in recovery mode. Even if these timelines vary by project, the consequences are evident. A company with a compromised token and a tarnished brand has fewer options to buy time.
Many markets can absorb a theft, a poor quarter, or even a reputational setback. However, the crypto sector often compresses all three into a single event. The exploit depletes funds, the token revalues the business publicly, and counterparties respond before the internal recovery is complete. This creates a challenging environment for recovery, particularly for teams that were never overcapitalized to begin with.
Dependency risk exacerbates the situation. Immunefi contends that a more interconnected DeFi ecosystem has established longer chains of vulnerability across bridges, stablecoins, liquid staking, restaking, and lending markets.
This point should be approached cautiously, especially since the report employs case studies that require external verification. Nonetheless, the overarching trend is difficult to overlook. Crypto systems are more complex than they were a few years ago, meaning a hack can propagate much further than the protocol where it originated.
Centralized platforms still remain near the epicenter of the impact.
The report states that only 20 of the 191 hacks in 2024-2025 involved centralized exchanges, yet those incidents accounted for $2.55 billion, or 54.6% of all stolen funds.
This extends the issue beyond mere smart-contract vulnerabilities and returns to concerns about custody, key management, and infrastructure concentration. For a market that often promotes decentralization as a remedy for fragility, some of the largest losses still arise from areas where trust is heavily concentrated.
However, this does not imply that every hacked project is destined for failure. The industry has now entered a phase where survival hinges not on whether a team can withstand a hack, but on whether it can endure the subsequent six months.
The theft initiates the crisis, but the prolonged damage determines whether the project has a future once the market moves on.
The post Why crypto hacks don’t end and continue even when the money is gone appeared first on CryptoSlate.
