Under the Shadow of Hackers: It’s Not Just Funds That Vanish
TechFlow Selected TechFlow Selected
Under the Shadow of Hackers: It’s Not Just Funds That Vanish
Theft is merely the beginning of the crisis. What truly determines whether a project still has a future is the prolonged, slow, and ongoing secondary damage that follows the attack.
Navigating Web3 tides with focused insightsBy Andjela Radmilac
Translated by Saoirse, Foresight News
A cryptocurrency exploit can drain a wallet in minutes—but the full extent of the damage often unfolds over months. Token prices keep falling, project treasuries shrink, hiring freezes take effect, and even projects that survive the initial breach may ultimately lose their future amid the ensuing fallout.
Cryptocurrency hacks do not end the moment a wallet is emptied. Theft arrives swiftly and visibly; what follows is a slower, internal collapse spreading across the project.
Tokens continue to decline, liquidity pools dwindle, hiring plans are cut, product development stalls, and partners withdraw. Projects that should be racing to recover instead spend months rebuilding trust—rather than building.
This is precisely the picture painted by Immunefi’s latest 2026 State of Onchain Security Report. Its central thesis applies across markets—whether crypto or traditional industries: initial losses represent only part of the harm.
Far more serious is the devastating impact exploits have on a project’s future. Immunefi data shows that the average direct theft per incident in its sample was approximately $25 million, while the median token price dropped 61% within six months after the breach. During this period, 84% of tokens failed to recover to their pre-breach price level, and project teams spent at least three months on post-incident remediation—delaying normal development.
Yet these figures come with caveats: token declines stem from multiple causes, and many projects were already fragile before being attacked—suffering from poor liquidity, overvaluation, or stalled growth.
Immunefi acknowledges it cannot fully isolate the impact of hacks from broader market weakness or preexisting project issues. Still, the patterns revealed remain highly significant: hacks are no longer isolated theft events—they resemble long-tail corporate crises.
The report’s value lies in demonstrating that, long after headlines fade, the downstream effects of hacks continue inflicting lasting damage.
Median attack losses are declining—but extreme attacks are becoming more dangerous
Immunefi recorded 191 crypto attacks between 2024 and 2025, totaling $4.67 billion in losses; over five years, 425 attacks caused $11.9 billion in total losses.
Annual attack counts have barely changed: 94 in 2024, 97 in 2025—roughly flat versus 2023. This indicates no meaningful improvement in overall market security. Hacks have become business-as-usual in crypto, with just a few mega-attacks defining an entire year’s risk profile.
The report reveals a core contradiction:
The median loss for attacks in 2024–2025 was $2.2 million—down from $4.5 million in 2021–2023. Superficially, this appears like progress. Yet the average loss remains as high as ~$24.5 million—more than 11 times the median, compared to just 6.8 times previously. The top five attacks accounted for 62% of all stolen funds; the top ten, for 73%.
This is an extremely hazardous distribution: the market appears stable and safe—until one massive event tears it apart. Smaller-scale attacks have become less frequent, but true existential risk now resides in the tail—where a handful of catastrophic incidents absorb the vast majority of losses and shock the entire market in a single day.
The most emblematic case is Bybit. Its $1.5 billion exploit became the most defining hack of 2025—accounting for 44% of all funds stolen that year.
It’s easy to dismiss such events as news spectacles—but they expose deeper systemic risk concentration: a single failure at a core platform can distort an industry-wide annual loss structure, revealing that enormous risk remains concentrated at a few critical nodes.
The prolonged decline—not the hack itself—is when a project truly collapses
While the data on stolen funds is certainly noteworthy, the most alarming findings concern price impact.
Among Immunefi’s sample of 82 exploited tokens:
- Median price fell ~10% within two days post-breach—consistent with the prior cycle;
- But the real damage emerged later: median six-month decline widened to 61%, up from 53% in 2021–2023.
Six months later:
- 56.5% of exploited tokens fell more than 50%;
- 14.5% fell more than 90%;
- Only ~16% recovered to levels above their pre-breach price.
Chart showing median token price decline across 82 hacked tokens in Immunefi’s 2024–2025 sample (Source: Immunefi)
To grasp the full impact of a hack, we can no longer treat token price as an isolated market indicator. For most crypto projects, the token is their treasury, their fundraising engine—and their public credibility scorecard. Sustained crashes directly cripple operational timelines, hiring capacity, partnership leverage, and internal morale.
The report notes that breached projects often lose their head of security within weeks—and enter at least a three-month remediation phase. Though timelines vary by project, consequences are unmistakable: projects suffering token collapse and brand damage have virtually no breathing room—or path to recovery.
Many markets can absorb a theft, a bad quarter, or even a reputational crisis. But crypto frequently compresses all three into a single event: attack drains funds → token crash publicly revalues the project → partners exit before internal cleanup even finishes.
Recovery under such conditions is exceptionally difficult—and fatal for teams already operating on tight capital.
Interdependence compounds the problem. Immunefi observes that the DeFi ecosystem has grown increasingly interconnected, forming longer, more fragile risk chains across cross-chain bridges, stablecoins, liquid staking, restaking, and lending markets.
Although some cases cited in the report still require external verification, the overarching trend is undeniable: today’s crypto systems are more layered and complex—meaning the ripple effects of a single attack extend far beyond the compromised protocol itself.
Centralized platforms remain ground zero.
Of the 191 attacks in 2024–2025, only 20 targeted centralized exchanges—but those 20 caused $2.55 billion in losses, representing 54.6% of the total.
This shifts the problem away from smart-contract vulnerabilities and back toward asset custody, key management, and infrastructure overconcentration. In an industry that frequently touts “decentralization as resilience,” most massive losses still occur at highly trust-dependent centralized nodes.
That said, not all breached projects are doomed. The industry has entered a new phase: survival no longer hinges on whether a project can withstand a single attack—but whether it can endure the six months that follow.
Theft is merely the opening act of a crisis. What truly determines whether a project still has a future is the long, slow, sustained secondary damage that follows the attack.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
@CryptoSlate
