A crypto hack by no means ends when the pockets is drained. The theft lands first, quick and visual, after which a slower collapse begins to work via the remainder of the undertaking.
The token retains sliding, the treasury shrinks with it, hiring plans get in the reduction of, product deadlines transfer, companions draw back, and the corporate that was imagined to get well spends months combating for credibility as an alternative of constructing.
That is the image Immunefi’s new “State of Onchain Safety 2026” report paints. Its argument is straightforward sufficient for any market, crypto or in any other case: the preliminary loss is just one a part of the harm.
The a lot larger downside comes from what the exploit does to a undertaking’s future. Immunefi says the common direct theft in its pattern got here to about $25 million, whereas hacked tokens noticed a median six-month decline of 61%. In that window, 84% didn’t get well to their hack-day value, and groups misplaced at the least three months of progress to restoration work.
However these numbers include caveats. Token costs fall for a lot of causes, and hacked initiatives are sometimes fragile earlier than an exploit hits. Some are illiquid, overvalued, or already shedding momentum.
Immunefi acknowledged that it could’t all the time absolutely separate hack harm from broader market weak point or project-specific troubles. Even so, the sample it lays out deserves consideration as a result of it exhibits that hacks do not behave like remoted thefts anymore, they usually now seem like long-tail company crises.
That is what offers weight to the report: it exhibits how typically the post-hack interval retains inflicting harm properly after the headline fades.
The median hack might need reduced in size, however the worst ones bought extra harmful
Immunefi counted 191 hacks throughout 2024 and 2025, totaling $4.67 billion and bringing its five-year complete to 425 hacks and $11.9 billion in losses.
The yearly depend barely moved, with 94 identified hacks in 2024 and 97 in 2025, nearly an identical to 2023. That tells us that the market did not do an excellent job of changing into safer. Hacks are actually simply a part of on a regular basis life in crypto, whereas the enormous ones go on to outline the 12 months.
The principle contradiction specified by the report is within the averages.
The median theft in 2024-2025 was $2.2 million, down from $4.5 million in 2021-2023. On the floor, which may seem like progress. Nevertheless, the common theft nonetheless got here to roughly $24.5 million, greater than 11 occasions the median. Within the precedent days, that hole was 6.8 occasions. The highest 5 hacks accounted for 62% of all funds stolen, and the highest 10 made up 73%.
This can be a very harmful form of distribution. It makes the market appear and feel secure and steady till one big occasion rips via it. So, the everyday exploit is perhaps smaller than it was, however the hazard sits within the tail. That is the place a handful of giant failures take up a lot of the harm and crash the market in a day.
Simply have a look at Bybit. The alternate’s $1.5 billion exploit grew to become the defining hack of 2025 and, in Immunefi’s accounting, represented 44% of all funds stolen that 12 months.
It is simple to deal with that form of occasion as a spectacle. But it surely reveals a a lot deeper focus downside. One failure at one main venue can distort the trade’s annual loss profile and expose how a lot danger nonetheless sits in simply a few essential chokepoints.
The longer decline is the place initiatives begin to break
Whereas the report’s knowledge on theft is definitely attention-grabbing, essentially the most eye-opening half is its value harm part.
In Immunefi’s pattern of 82 hacked tokens, the preliminary shock was basically the identical. The median two-day decline was about 10%, roughly according to the sooner cycle. However the greatest impact was felt later, because the median six-month decline worsened to 61%, up from 53% within the 2021-2023 examine.
On the six-month mark, 56.5% of hacked tokens had been down greater than half, and 14.5% had been down greater than 90%. Solely about 16% traded above their hack-day value six months later.
To know the total impact of a hack, we have to cease treating token costs as an remoted market characteristic. For many crypto corporations, the token acts as a treasury, financing base, and sometimes a public scorecard. A protracted drawdown cuts immediately into an organization’s runway, recruiting energy, dealmaking leverage, and inside morale.
The report famous that hacked initiatives typically lose safety management inside weeks and spend at the least three months in restoration mode. Even when these timelines fluctuate by undertaking, the results are plain to see. An organization with a broken token and a broken model has fewer methods to purchase time.
Loads of markets can take up a theft, or a foul quarter, or perhaps a reputational hit. However crypto typically compresses all three into the identical occasion. The exploit drains funds, the token reprices the enterprise in public, and counterparties react earlier than the inner cleanup is completed. That is a tough surroundings wherein to get well, particularly for groups that had been by no means overcapitalized within the first place.
Dependency danger makes it even worse. Immunefi argues {that a} extra interconnected DeFi stack has created longer chains of vulnerability throughout bridges, stablecoins, liquid staking, restaking, and lending markets.
That time ought to be dealt with rigorously, particularly when the report makes use of case research that deserve outdoors verification. Nonetheless, the broader path is difficult to dismiss. Crypto techniques are extra layered than they had been just a few years in the past, and meaning a hack can journey a lot farther than the protocol the place it began.
Centralized venues nonetheless sit close to the middle of the blast zone.
The report says solely 20 of the 191 hacks in 2024-2025 concerned centralized exchanges, but these incidents accounted for $2.55 billion, or 54.6% of all stolen funds.
That pushes the difficulty past simply smart-contract bugs and again towards custody, key administration, and infrastructure focus. For a market that usually sells decentralization as a treatment for fragility, a few of the largest losses nonetheless emerge from locations the place belief is concentrated.
But it surely does not imply each hacked undertaking is doomed. The trade has now entered a part the place survival would not depend upon whether or not a crew can endure a hack, however whether or not it could endure the six months that come subsequent.
The theft begins the disaster, however the slower harm decides whether or not the undertaking nonetheless has a future as soon as the market strikes on.
