According to Mitchell Amador, CEO of the Web3 security platform Immunefi, nearly 80% of cryptocurrency projects that have been hacked are unable to fully recover.
Speaking with Cointelegraph, Amador said that most protocols fall into paralysis immediately upon discovering a security vulnerability. “Most projects are not fully aware of the level of risk they are facing and are also unprepared operationally for serious security incidents,” he noted.
According to Amador, the most severe consequences often arise in the first few hours after an incident. Without a pre-existing response plan, project teams tend to hesitate, debate the next course of action, and underestimate the seriousness of the event. “Decision-making stalls as members try to identify the cause, leading to reactive actions and delays,” he added, emphasizing that this is when damages are most likely to escalate.
Many projects choose not to pause smart contracts due to concerns about reputation, while communication with users is almost completely disrupted. Amador warns that silence only increases panic rather than controlling it.
“Almost 80% of projects that have been hacked cannot be fully recovered,” he emphasized. “The main cause is not the loss of initial assets but the breakdown of operations and trust during incident handling.”
Trust is currently the most fragile asset in the cryptocurrency space. Alex Katz, CEO and co-founder of Web3 security firm Kerberus, said that even when incidents are technically resolved, they often mark the beginning of a project’s collapse. “Of course, there are exceptions, but in most cases, a major attack means a death sentence,” Katz stated, pointing out that users will abandon the project, liquidity will decline, and reputation will be permanently damaged.
While smart contract attacks have historically been the focus, recent losses mainly stem from operational errors and human factors. “Human error is clearly the weakest link in cryptocurrency security,” Katz said, noting that most current damages come from users approving malicious transactions, interacting with fake interfaces, or inadvertently exposing security keys.
Earlier this month, a cryptocurrency user lost over $282 million in Bitcoin (BTC) and Litecoin (LTC) in one of the largest social engineering scams ever recorded. The individual was tricked by a fake Trezor support staff member into revealing their hardware wallet recovery phrase.
Cryptocurrency-related hacks surged in 2025, targeting both major platforms and individual wallets, resulting in total losses of up to $3.4 billion — the highest since 2022. Just three incidents, including the $1.4 billion Bybit hack, accounted for 69% of total losses as of early December.
The cyberattack on Bybit valued at $1.4 billion contributed to nearly half of the total damages in 2025 | Source: Chainalysis
“Besides Bybit, we also saw an increase in attacks that bypassed smart contracts entirely to exploit protocol vulnerabilities,” Amador commented.
The development of artificial intelligence has made these attacks even more effective. Amador said social engineering campaigns can now be scaled massively, allowing attackers to send thousands of personalized scam messages daily.
Despite somewhat bleak figures, cryptocurrency experts remain optimistic about the future. Amador believes that smart contract security is improving rapidly thanks to more advanced development methods, thorough audits, and increasingly mature tools. “I believe 2026 will be the breakout year for smart contract security,” he stated, pointing to the rise in onchain monitoring technologies, firewalls, and threat intelligence.