Theft Is Just the Beginning: The Slow Collapse Behind Cyber Attacks

Author: Andjela Radmilac

Compiled by: Saoirse, Foresight News

Original title: Under the Shadow of Hackers, More Than Just the Demise of Funds

Cryptocurrency exploits can drain a wallet in minutes, but the full extent of the losses often takes months to fully materialize. Token prices continue to fall, project treasuries shrink, hiring freezes, and even projects that survive the theft may completely lose their future in the subsequent turmoil.

Cryptocurrency hacks never end the moment the wallet is emptied. The theft is swift and direct, followed by a slower collapse that begins to spread within the project.

Tokens continue to decline, funding pools shrink accordingly, hiring plans are cut, product development is delayed, and partners withdraw one after another. Projects that should be focusing on recovery end up spending months rebuilding credibility instead of building.

This is precisely the scene depicted in Immunefi's latest "2026 On-Chain Security Status Report." Its core argument applies to any market—whether in the crypto industry or traditional sectors: the initial loss is only part of the damage.

The more serious issue lies in the devastating impact of the exploit on the project's future. Immunefi data shows that the average direct amount stolen per attack in their sample was approximately $25 million, while the median drop in stolen tokens within six months was as high as 61%. During this period, 84% of the tokens failed to return to their pre-attack prices, and project teams spent at least three months on post-incident recovery, delaying normal development.

However, this data comes with a caveat: token declines have multiple causes, and many projects were already vulnerable before the attack—suffering from poor liquidity, overvaluation, or having already lost momentum.

Immunefi acknowledges that they cannot completely separate the impact of hacks from broader market weakness or the projects' own issues. Even so, the patterns revealed in the report are still noteworthy: hacker attacks are no longer isolated theft events but more like a long-tail corporate crisis.

The value of this report lies in its proof that, after the热点 news fades, the后续 effects of hacker attacks continue to cause long-term harm.

Median Attack Losses Are Decreasing, but Extreme Attacks Are Becoming More Dangerous

According to Immunefi's statistics, 191 crypto attacks occurred in 2024-2025, with total losses of $4.67 billion; over five years, 425 attacks累计 occurred, with total losses reaching $11.9 billion.

The number of attacks per year has hardly changed: 94 in 2024, 97 in 2025, roughly flat with 2023. This indicates that the overall security of the market has not significantly improved. Hacker attacks have become the norm in the crypto industry, and a few giant attacks are enough to define the industry's risk for an entire year.

The report reveals a core contradiction:

The median loss from attacks in 2024-2025 was $2.2 million, lower than the $4.5 million in 2021-2023. On the surface, this seems like progress. However, the average loss was still about $24.5 million, more than 11 times the median; previously, this gap was only 6.8 times. The top five attacks accounted for 62% of all stolen funds; the top ten accounted for 73%.

This is an extremely dangerous distribution pattern: the market appears stable and safe until a giant event tears it apart. The scale of ordinary attacks has become smaller, but the real致命 risk lies in the tail—a few特大 incidents absorb the vast majority of losses and冲击 the entire market in a single day.

The most typical case is Bybit. The exchange's $1.5 billion exploit became the most iconic hack of 2025, with this single incident accounting for 44% of all funds stolen that year.

It's easy to view such events as news spectacles, but they expose a deeper problem of risk concentration: a single failure at a core platform is enough to distort the annual loss structure of the entire industry, revealing that huge risks are still piled up on a few critical nodes.

The Protracted Decline Is Where the Project Truly Begins to Collapse

The data on stolen funds in the report is certainly noteworthy, but the most alarming part is the section on price impact.

In Immunefi's sample of 82 hacked tokens:

• Within two days of the hack, the median drop was about 10%, roughly flat with the previous cycle;

• But the real冲击 emerged later: the median drop expanded to 61% after six months, higher than the 53% in 2021-2023.

Six months later:

• 56.5% of the hacked tokens had fallen more than 50%;

• 14.5% had fallen more than 90%;

• Only about 16% of tokens returned to or exceeded their pre-attack price levels.

Chart shows the median token price decline for 82 hacked tokens in Immunefi's sample from 2024 and 2025 (Source: Immunefi)

To understand the full impact of a hack, we can no longer view token price as an isolated market indicator. For the vast majority of crypto projects, the token is the treasury, the foundation for fundraising, and the public report card of credibility. A prolonged暴跌 directly cripples the project's operational cycle, hiring ability, bargaining power in partnerships, and internal morale.

The report points out that projects that suffer attacks often lose their security lead within weeks and enter a recovery period of at least three months. Even if the timeline varies by project, the consequences are clear: projects with crashed tokens and damaged brands have almost no breathing room or chance for a turnaround.

Many markets can withstand a theft, a bad quarter, or even a reputation crisis. But the crypto industry often compresses all three into the same event: the attack empties the treasury → the token暴跌 publicly revalues the project → partners withdraw before the internal cleanup is even finished.

Recovery in this environment is extremely difficult, and致命 for teams that were not well-funded to begin with.

Interdependency makes the situation worse. Immunefi believes the DeFi ecosystem has become increasingly interconnected, forming longer, more fragile risk chains between cross-chain bridges, stablecoins, liquid staking, restaking, and lending markets.

Although some cases in the report require external verification, the overall trend is undeniable: today's crypto systems have more complex layers, meaning the impact of a single attack will extend far beyond the affected protocol itself.

Centralized platforms remain at the epicenter of explosions.

The report shows that out of the 191 attacks in 2024-2025, only 20 targeted centralized exchanges, but these 20 caused losses of $2.55 billion, accounting for 54.6% of the total losses.

This shifts the problem from smart contract vulnerabilities back to asset custody, key management, and over-concentrated infrastructure. For an industry that often sells itself on "decentralized risk resistance," most of the huge losses still occur on highly trusted, centralized nodes.

But this does not mean all hacked projects are doomed to fail. The industry has entered a new phase: a project's survival no longer depends on whether it can withstand an attack, but on whether it can withstand the six months *after* the attack.

Theft is just the beginning of the crisis. What truly determines whether a project has a future is the long, slow,持续的 secondary damage that follows the attack.

Twitter:https://twitter.com/BitpushNewsCN

Bitpush TG Discussion Group:https://t.me/BitPushCommunity

Bitpush TG Subscription: https://t.me/bitpush