
Crypto Hacks Inflict 61% Median Token Collapse, Immunefi Report Reveals

Industry analysis of the Immunefi 'State of Onchain Security 2026' report, detailing how crypto hacks lead to a 61% median six-month token price decline and why centralized exchanges remain the largest targets for financial loss.

Marcus Chen

Crypto Market Reporter

Key Takeaways

  • Prolonged Financial Damage: The primary impact of a crypto hack is not the initial theft but the subsequent value erosion. Hacked project tokens experience a median price decline of 61% within six months of the incident.
  • Massive Financial Losses: Across 2024 and 2025, a total of $4.67 billion was stolen in 191 separate hacking incidents, bringing the five-year total tracked by Immunefi to $11.9 billion across 425 hacks.
  • Centralized Exchange Vulnerability: Centralized exchanges (CEXs) were the source of the largest losses. While representing only 20 of 191 hacks, these incidents accounted for $2.55 billion, or 54.6%, of all funds stolen.
  • Low Recovery Probability: Recovery for hacked tokens is rare. The data shows 84% of affected tokens failed to return to their pre-hack price levels within the six-month analysis window.
  • Concentration of Risk: The crypto market exhibits a dangerous concentration of risk, where the top five largest hacks accounted for 62% of all stolen funds, exemplified by the $1.5 billion Bybit exploit in 2025.

The Core Story

Onchain security firm Immunefi has released its “State of Onchain Security 2026” report, which concludes that the immediate financial theft from a cryptocurrency hack is merely the prelude to a more protracted and damaging corporate crisis. The report’s central argument is that the secondary effects, particularly the sustained collapse of a project’s native token, inflict far greater harm than the initial exploit. This long-term value destruction cripples a project’s ability to operate, hire, and build, turning a security incident into an existential threat.

The data illustrates a stark reality for compromised projects. While the average direct theft amounted to approximately $25 million, the subsequent market reaction was severe. Immunefi’s analysis found that hacked tokens saw a median six-month price decline of 61%. This prolonged financial pressure effectively strangles a project, as its token often serves as its primary treasury asset and public valuation metric. The report estimates that teams lose a minimum of three months of operational progress to recovery efforts, diverting critical resources from product development to crisis management.

The frequency of these incidents shows no sign of abatement. Immunefi documented 191 distinct hacks across 2024 and 2025, resulting in total losses of $4.67 billion. The annual count remained stubbornly consistent, with 94 known hacks in 2024 and 97 in 2025, figures nearly identical to 2023. This consistency suggests that industry-wide security measures have failed to meaningfully reduce the attack surface. Instead, exploits have become a predictable feature of the digital asset market, with survival now depending not on avoiding a hack, but on withstanding the severe financial and reputational fallout that follows.

The Numbers

The financial data within the Immunefi report reveals a market where risk is highly concentrated and the consequences of failure are severe. The total of $4.67 billion stolen between 2024 and 2025 brings the firm’s five-year tracked losses to a staggering $11.9 billion from 425 separate hacks. While the sheer volume of incidents is notable, the numbers tell a different story about the distribution of damage. The median theft value in the 2024-2025 period was $2.2 million, a figure that decreased from the $4.5 million median recorded between 2021 and 2023.

This decline in the median, however, masks a more dangerous trend. The average theft during the same 2024-2025 period was approximately $24.5 million, more than 11 times the median value. This gap between the average and median has widened significantly from the 6.8 times multiple observed in the earlier period. This disparity indicates that while the typical hack may be smaller, catastrophic, nine-figure exploits are becoming more impactful. The top five hacks alone accounted for 62% of all funds stolen, and the top ten incidents were responsible for 73% of the total.

The most critical data concerns the post-hack performance of associated tokens. Based on a sample of 82 hacked project tokens, the report identifies a clear pattern of value destruction that extends far beyond the initial event. The median two-day decline was approximately 10%, but the damage accelerated over time.

Time Since Hack | Median Token Price Decline
2 Days          | ~10%
6 Months        | 61%

At the six-month mark, 56.5% of the analyzed tokens were down by more than half their value, and a significant 14.5% had lost over 90% of their value. Only 16% of tokens managed to trade above their hack-day price after six months. This sustained collapse underscores the report’s main thesis: the theft initiates the crisis, but the subsequent market fallout determines whether the project has a future. The $1.5 billion exploit at the Bybit exchange in 2025 serves as a prime example of concentrated risk, as that single event represented 44% of all funds stolen for the entire year.

Market Impact

The findings from the Immunefi report characterize major crypto hacks not as isolated thefts but as long-tail corporate crises with systemic market implications. The extreme concentration of losses, where 73% of stolen funds originate from just ten incidents, creates a market that feels deceptively stable between catastrophic events. This dynamic fosters a false sense of security among participants, who may underestimate the systemic risk posed by a handful of critical infrastructure points. One failure at a major venue can redefine the industry’s entire annual loss profile, as seen with the Bybit incident.

The regulatory picture is also complicated by these findings. The fact that centralized exchanges accounted for $2.55 billion, or 54.6% of stolen funds, from just 20 incidents puts the focus squarely back on custody, internal controls, and key management practices at these regulated entities. While much of the industry narrative promotes decentralization as a security panacea, the data shows that the largest financial black holes still appear where trust and assets are most concentrated. This will likely attract further scrutiny from regulators who are already focused on consumer protection and financial stability within the digital asset sector.

This ongoing vulnerability of centralized platforms challenges their role as the primary onboarding ramps for retail and institutional capital. The persistence of nine-figure exploits suggests that conventional security audits and compliance frameworks are insufficient to counter sophisticated threats. The market impact is a continued erosion of trust, which may slow broader adoption. For a project, a hack is no longer just a technical failure; it is a public repricing of its business viability, its security posture, and its management’s competence, all played out in real-time on the open market.

Player Impact

For individuals participating in the crypto ecosystem, including those using digital assets for online gambling and betting, the report’s findings highlight a dual-layered risk. The most obvious threat is the direct loss of funds held on a compromised platform, whether it be an exchange or a DeFi protocol. If a user’s assets are part of a hacked liquidity pool or held in an exchange wallet that is drained, the chance of recovery is often minimal. This is a direct, tangible loss that underscores the importance of self-custody and careful platform selection.

The second, more insidious risk is the indirect loss through token value depreciation. A player might hold a platform’s native token for utility, governance, or as winnings. Even if their personal wallet remains secure, a hack of the underlying project can trigger the 61% median six-month value collapse detailed in the report. This means that winnings or balances held in a project’s token can evaporate long after the headlines about the hack have faded. This risk is particularly acute in the GameFi sector, where the value of in-game assets and platform tokens is directly tied to the project’s perceived security and stability.

This reality necessitates a more sophisticated level of due diligence from end-users. It is no longer sufficient to assess only the user-facing security features of a platform. Participants must also consider the security audits, treasury management, and overall resilience of the projects whose tokens they hold. The financial health of a protocol is now a direct component of a user’s personal risk assessment. For those involved in any form of online activity involving digital assets, it is crucial to understand these risks. Support is available for anyone who feels their gambling is becoming a problem through organizations like GambleAware and the National Council on Problem Gambling.

Industry Context

Immunefi operates as one of the most prominent bug bounty and onchain security platforms in the Web3 industry. Its business model is centered on incentivizing white-hat hackers to discover and responsibly disclose vulnerabilities in smart contracts and blockchain protocols before malicious actors can exploit them. The “State of Onchain Security 2026” report is a product of its extensive tracking of publicly disclosed security breaches, giving its findings a high degree of credibility within the sector. The report’s analysis moves beyond simple loss tallies to examine the cascading effects of these incidents.

The report also touches upon the growing complexity and interconnectedness of the decentralized finance ecosystem. Modern DeFi is characterized by layers of composable protocols, including bridges for cross-chain asset transfers, stablecoins, liquid staking derivatives, and lending markets. This intricate web of dependencies means that a single vulnerability in a foundational protocol can create a domino effect, spreading risk far beyond its origin point. This phenomenon, known as dependency risk, amplifies the potential damage from an exploit and makes it more difficult to contain the fallout.

The continued dominance of centralized exchanges as the locus of major financial losses is also a critical piece of industry context. Despite the philosophical push towards decentralization, CEXs remain the primary hubs for liquidity, trading volume, and user onboarding. Their centralized architecture, while offering user-friendliness, also creates single points of failure for custody and security. The $2.55 billion lost from these venues in 2024-2025 demonstrates that fundamental challenges around private key management and internal security controls persist, even at the industry’s largest and most established firms.

What Happens Next

The data presented by Immunefi suggests that the crypto industry is not on a clear path to improved security. With the number of hacks remaining stable year-over-year, the market should anticipate that large-scale exploits will continue to be a regular feature. The focus for security firms and protocols will likely shift further toward real-time threat detection, on-chain monitoring, and post-exploit incident response. We can also expect a greater emphasis on decentralized insurance protocols as a means of mitigating financial losses for users and projects alike.

For projects and development teams, the key takeaway is the need to plan for post-hack survival. The report makes it clear that the crisis truly begins after the funds are gone. This necessitates a strategic shift toward building operational resilience. Future project planning must include robust treasury diversification to reduce reliance on a single native token, well-defined crisis communication strategies to manage public perception, and sufficient capital reserves to fund a multi-month recovery effort. A project’s long-term viability will be judged less on its ability to prevent a hack and more on its capacity to endure one.

The regulatory environment will undoubtedly react to the continued loss of funds, particularly from centralized entities. We can expect increased pressure from global regulators for stricter security audit standards, mandatory insurance coverage, and greater transparency regarding custody arrangements. The distinction between DeFi and CEXs may become less relevant to regulators, who are primarily concerned with the aggregate consumer harm. The industry must prepare for a more stringent compliance environment where operational security is not just a best practice but a legal requirement.

Frequently Asked Questions

What was the main finding of the Immunefi report on crypto hacks?

The report’s primary conclusion is that the most significant damage from a crypto hack is not the initial theft, but the long-term financial collapse of the project’s token. This secondary effect leads to a median token price decline of 61% within six months, crippling the project’s ability to recover and operate.

How much did hacked crypto tokens fall in value after an exploit?

According to the Immunefi report’s analysis of 82 incidents, hacked tokens experienced a median price drop of 61% over the six months following the security breach. The data also showed that 84% of these tokens failed to recover to their pre-hack price within that same timeframe.

Are decentralized or centralized exchanges safer from hacks?

The report indicates a complex risk landscape. While decentralized finance (DeFi) protocols were hacked more frequently, centralized exchanges (CEXs) accounted for a disproportionately large share of the financial losses. CEXs were involved in only 20 of 191 hacks but were responsible for 54.6% of the total funds stolen, or $2.55 billion, highlighting them as major points of systemic failure.

How much money was lost to crypto hacks in 2024 and 2025?

Across 2024 and 2025, a combined total of $4.67 billion was stolen from cryptocurrency projects and platforms. This amount was lost over the course of 191 separate hacking incidents documented by Immunefi.


Marcus Chen covers the fast-moving world of blockchain gaming and crypto regulation. A former fintech journalist with a background in economics, he brings a data-driven lens to every story — cutting through hype to surface what actually matters for players and the industry. Based in Singapore, he tracks developments across both Western and Asian markets.
