Average Loss from Crypto Hacks Reaches $25 Million

The average loss from crypto hacks has reached $25 million, with significant impacts on the industry and individual projects, according to Immunefi.

The average loss from a single crypto protocol hack is around $25 million, not accounting for subsequent drops in native coin values. This was reported by The Block, citing Immunefi.

The number of attacks has not decreased: 94 incidents were recorded in 2024, and 97 in 2025.

Over two years, cybercriminals executed 191 hacks, costing the industry $4.67 billion. In total, there have been 425 attacks over five years, resulting in a cumulative loss of $11.9 billion.

Analysts noted a shift in risk structure. The median loss dropped from $4.5 million to $2.2 million, indicating progress in defenses against common attacks. However, the average loss for individual projects remains high at about $24.5 million.

Statistics are skewed by rare but large incidents. The five largest attacks in 2024 and 2025 accounted for 62% of all stolen funds, while the top ten made up 73%.

For instance, the damage from a single hack of the Bybit exchange at $1.5 billion constituted 44% of all industry losses for 2025 and 32% of the total over two years.

The concentration of losses is not limited to a few major attacks. Centralized exchanges experienced only 20 of the 191 incidents, yet these accounted for over half of the total losses—$2.55 billion. Experts emphasized that custodial risks remain the primary cause of the most devastating failures in the industry.

Market Recovery is Rare

The market's reaction to hacks has become more severe. Tokens of affected protocols typically lose about 10% of their value within the first two days.

Long-term consequences are becoming more serious: median losses after six months reach 61% (up from 53% in the previous reporting period).

Six months post-incident, tokens trade below their pre-attack values. Only 16% of assets manage to recover and exceed previous price levels.

Source: Immunefi.

The fallout from incidents extends beyond price drops. Many projects hold native tokens in treasuries, so a 61% decline directly reduces operational budgets. This predictably limits hiring capabilities for developers and funding for updates.

The close interconnection between protocols makes the industry even more fragile, as noted by Immunefi. Experts cited the example of the deUSD stablecoin collapse in 2025, where losses cascaded: withdrawals were frozen, forced sales occurred, and the Total Value Locked (TVL) of several platforms plummeted.

Internal processes of affected startups are also severely destabilized. Security teams usually change within weeks after a hack. Product development halts while developers focus on addressing the aftermath. Recovery requires at least three months of concentrated effort.

In January, Immunefi CEO Mitchell Amador described a major hack as a "death sentence" for 80% of protocols. He stated that the primary cause of failure is not the direct loss of funds, but rather "management chaos and loss of trust."