Written by: Andjela Radmilac

Translated by: Saoirse, Foresight News

A cryptocurrency vulnerability attack can drain a wallet in minutes, but the full extent of the loss often takes months to fully manifest. Token prices continuously drop, project funding pools shrink, hiring freezes occur, and even projects that survive the theft may completely lose their future in subsequent turmoil.

A cryptocurrency hack does not end at the moment the wallet is emptied. The theft is swift and intuitive, and then a slower collapse begins to spread within the project.

Tokens continue to decrease, funding pools shrink, hiring plans are cut, product development is delayed, and partners withdraw. Projects that should be fully focused on recovery find themselves spending months regaining their reputation rather than investing in building.

This is precisely the scenario depicted in Immunefi's latest "2026 On-chain Security Status Report." Its core message applies to any market—whether in the cryptocurrency industry or traditional sectors: initial losses are only part of the damage.

The more serious issue is the devastating impact of vulnerability attacks on the future of projects. Immunefi's data shows that the average amount stolen in a single attack within their sample is about $25 million, while the median percentage drop of stolen tokens within six months can reach as high as 61%. During this period, 84% of tokens fail to return to the price they held on the day of the theft, and project teams spend at least three months on remediation, delaying normal development.

However, these data come with certain premises: token declines can have multiple causes, and many projects were already weak before experiencing an attack—poor liquidity, overvaluation, or having already lost growth momentum.

Immunefi acknowledges that they cannot completely separate the impact of hacking attacks from broader market weaknesses and the issues of the projects themselves. Even so, the patterns revealed by the report are still worth noting: hacking attacks are no longer isolated theft incidents but resemble a long-tail business crisis.

The value of this report lies in its proof that even after the sensational news fades, the subsequent impacts of hacking attacks continue to cause long-term harm.

Median attack losses are declining, but extreme attacks are becoming more dangerous

Immunefi statistics indicate that 191 cryptocurrency attack incidents occurred from 2024 to 2025, totaling losses of $4.67 billion; over five years, there were a cumulative 425 attacks with total losses reaching $11.9 billion.

The number of attacks per year has remained almost unchanged: 94 in 2024, 97 in 2025, virtually the same as in 2023. This suggests that the overall market security has not significantly improved. Hacking attacks have become the norm in the cryptocurrency industry, and a few high-profile attacks are enough to define the industry risk for an entire year.

The report reveals a core contradiction:

The median loss from attacks in 2024-2025 was $2.2 million, down from $4.5 million in 2021-2023. On the surface, this seems like progress. However, the average loss still reaches about $24.5 million, more than 11 times the median; previously, this gap was only 6.8 times. The top five attacks accounted for 62% of all stolen funds; the top ten attacks accounted for 73%.

This is an extremely dangerous distribution pattern: the market appears stable and secure until a major event tears it apart. The scale of ordinary attacks has shrunk, but the real deadly risks lie in the tail—few large incidents absorb the vast majority of losses and impact the entire market within a day.

The most typical case is Bybit. The exchange's $1.5 billion vulnerability attack has become the most iconic hacking event of 2025, accounting for 44% of all stolen funds that year.

It is easy to view such events as news spectacles, but they reveal deeper issues of risk concentration: a failure at a core platform is enough to distort the annual loss structure across the entire industry, exposing that a few critical nodes still hold immense risks.

A prolonged decline is the true beginning of a project's collapse

While the data concerning stolen funds in the report is worth attention, the most alarming aspect is the price shock component.

Among the 82 stolen token samples counted by Immunefi:

• Within two days of the theft, the median percentage decline was about 10%, roughly in line with the previous cycle;
• However, the real shock becomes evident later: the median percentage decline over six months increased to 61%, higher than the 53% of 2021-2023.

Six months later:

• 56.5% of the stolen tokens experienced declines of over 50%;
• 14.5% saw declines exceeding 90%;
• Only about 16% of tokens' prices returned to above their stolen-day levels.

The chart shows the median price declines of 82 tokens hacked in Immunefi's samples for 2024 and 2025 (source: Immunefi)

To understand the full impact of hacking attacks, we can no longer view token prices as isolated market indicators. For the vast majority of crypto projects, the token serves as the treasury, financing foundation, and public reputation ledger. A prolonged decline will directly devastate the project's operation cycle, hiring ability, partnership leverage, and internal morale.

The report states that projects that have suffered attacks often lose their security leaders within weeks and enter at least a three-month remediation period. Even if the timing varies by project, the consequences are clear: projects with collapsed tokens and damaged brands have little room to breathe and turn around.

Many markets can withstand a theft, a bad quarter, or even a reputational crisis. But the cryptocurrency industry often compresses all three into a single event: an attack empties funds → tokens crash, publicly re-evaluating project value → partners withdraw before internal cleanup is finished.

Recovery in such an environment is extremely difficult and fatal for teams that already lack sufficient funding.

Dependency risks exacerbate the situation. Immunefi believes that the DeFi ecosystem is becoming increasingly interconnected, forming longer and more fragile risk chains among cross-chain bridges, stablecoins, liquidity staking, re-staking, and lending markets.

While some case studies in the report still require external verification, the overarching trend is undeniable: today's cryptocurrency system is more complex, which means the impact of a single attack can extend far beyond the protocol in question, spreading outward.

Centralized platforms remain at the epicenter of the explosion.

The report shows that out of the 191 attacks in 2024-2025, only 20 targeted centralized exchanges, yet these 20 caused losses of up to $2.55 billion, accounting for 54.6% of total losses.

This shifts the focus from smart contract vulnerabilities back to asset custody, key management, and over-concentration of infrastructure. For an industry that often markets itself on "decentralized risk resistance," the majority of significant losses still occur at highly trusted centralized nodes.

But this does not mean that all stolen projects are destined for failure. The industry has entered a new phase: whether a project can survive no longer depends on whether it can withstand a single attack but on whether it can endure the six months following the attack.

The theft is only the beginning of the crisis. What truly determines whether a project has a future is the long, slow, and persistent secondary damage that follows the attack.