Theft Is Just the Beginning: The Slow Collapse Behind Hacker Attacks

Author: Andjela Radmilac

Translation: Saoirse, Foresight News

Original Title: Under the Shadow of Hackers, It’s Not Just Funds That Disappear

Crypto vulnerability attacks can drain a wallet within minutes, but full losses often take months to fully reveal themselves. Token prices keep falling, project funds shrink, hiring freezes, and even projects that survive theft events may lose their future in subsequent turmoil.

Cryptocurrency hacking never ends the moment a wallet is emptied. The theft is swift and obvious, but then a slower collapse begins to spread within the project.

Tokens continue to decline, funds diminish, hiring plans are cut, product development is delayed, and partners withdraw. Projects that should be focused on recovery instead spend months restoring reputation rather than building.

This is exactly the scene depicted in Immunefi’s latest “On-Chain Security Report 2026.” Its core message applies to any market — whether crypto or traditional: initial losses are only part of the damage.

The more serious issue is the destructive impact of vulnerability attacks on a project’s future. Immunefi data shows that the average direct theft amount per attack in their sample is about $25 million, and the median price drop of stolen tokens within six months reaches 61%. During this period, 84% of tokens do not return to their stolen-day prices, and project teams need at least three months for cleanup and recovery, delaying normal development.

But these figures come with caveats: token declines have multiple causes, and many projects were already fragile before the attack — with poor liquidity, overvaluation, or lost growth momentum.

Immunefi admits they cannot fully separate the impact of hacker attacks from broader market downturns or project-specific issues. Nonetheless, the patterns revealed in the report are worth noting: hacker attacks are no longer isolated thefts but resemble long-tail corporate crises.

The value of this report lies in proving that after the hype fades, the aftermath of hacker attacks continues to cause long-term damage.

Median attack losses are decreasing, but extreme attacks are becoming more dangerous

Immunefi statistics show that from 2024 to 2025, there were 191 crypto attack incidents, with total losses of $4.67 billion; over five years, 425 attacks occurred, totaling $11.9 billion in losses.

The number of attacks each year remains nearly unchanged: 94 in 2024, 97 in 2025, roughly the same as 2023. This indicates no significant improvement in overall market security. Hacker attacks have become routine in the crypto industry, and a few massive attacks can define the entire year’s risk.

The report highlights a core contradiction:

The median loss per attack in 2024–2025 is $2.2 million, lower than the $4.5 million in 2021–2023. On the surface, this seems like progress. But the average loss remains high at about $24.5 million, more than 11 times the median — up from 6.8 times previously. The top five attacks account for 62% of stolen funds; the top ten account for 73%.

This is an extremely dangerous distribution: the market appears stable and safe until a massive event tears it apart. Smaller attacks have shrunk in scale, but the real deadly risk lies in the tail — a few large incidents absorb most losses and shake the entire market in a single day.

A prime example is Bybit. The $1.5 billion vulnerability attack on this exchange became the most iconic hacker event of 2025, accounting for 44% of all stolen funds that year.

People often see such events as news spectacles, but they reveal a deeper risk concentration issue: a single breach of a core platform can distort the entire industry’s annual loss structure, exposing key nodes with enormous risks still lurking.

Long decline is the true start of project collapse

While data on stolen funds in the report is noteworthy, the most alarming part is the price impact.

Among the 82 stolen tokens tracked by Immunefi:

• Within two days of theft, the median price drop is about 10%, roughly the same as previous cycles;
• But the real impact appears later: over six months, the median decline expands to 61%, higher than 53% in 2021–2023.

After six months:

• 56.5% of stolen tokens have lost more than 50% of their value;
• 14.5% have lost over 90%;
• Only about 16% of tokens have regained their pre-theft prices.

The chart shows the median token price decline (source: Immunefi) for 82 tokens attacked in 2024 and 2025.

To fully understand the impact of hacker attacks, we can no longer view token prices as isolated market indicators. For most crypto projects, tokens are the treasury, funding basis, and a public reputation report card. Long-term declines directly damage operational cycles, hiring ability, partnership leverage, and internal morale.

The report notes that projects often lose their security leaders within weeks of an attack and require at least three months for repairs. Regardless of the timeline, the consequences are clear: projects with token crashes and damaged brands have little room to breathe or recover.

Many markets can withstand a theft, a bad quarter, or even a reputation crisis. But in crypto, these are often compressed into a single event: attack drains funds → token plummets, revaluing project worth → partners leave before cleanup is complete.

Recovery in such an environment is extremely difficult, especially for teams with limited funds.

Dependence on risk makes things worse. Immunefi believes that DeFi ecosystems are becoming more interconnected, forming longer and more fragile risk chains across cross-chain bridges, stablecoins, liquidity staking, re-staking, and lending markets.

Although some cases in the report still need external verification, the overall trend is clear: today’s crypto systems are more complex, meaning the impact of a single attack can far exceed the affected protocol, spreading outward.

Centralized platforms remain the explosion point.

The report shows that out of 191 attacks in 2024–2025, only 20 targeted centralized exchanges, but these caused losses of $2.55 billion, accounting for 54.6% of total losses.

This shifts the focus from smart contract vulnerabilities back to asset custody, key management, and infrastructure over-concentration. For an industry that touts “decentralization and risk resistance,” most of the massive losses still occur at highly trusted centralized nodes.

But this doesn’t mean all hacked projects are doomed. The industry has entered a new phase: whether a project survives no longer depends on enduring a single attack, but on withstanding the six months afterward.

The theft is just the beginning of the crisis. Whether a project has a future depends on the long, slow, ongoing secondary damage after the attack.