The release of a new report by cybersecurity platform Immunefi sheds light on the enduring impact of cyber-attacks on cryptocurrency projects, illustrating that the true repercussions often become visible months after the initial incident. Titled “State of Onchain Security 2026,” the document delves into the sustained hurdles faced by the crypto industry, plagued by recurring security breaches.
Do Crypto Attacks Continue to Haunt the Sector?
Yes, they do. Immunefi, renowned for its work in uncovering vulnerabilities and managing bounty programs for DeFi networks, identified 191 attacks in the crypto space from 2024 through 2025. These incidents led to losses amounting to $4.67 billion. Considering the last five years, total losses have reached $11.9 billion, underlining ongoing security challenges.
Despite the staggering financial impact, the number of yearly attacks barely fluctuated, with 94 cases in 2024 and 97 in 2025. This stability suggests that significant improvements in security measures remain elusive, while major attacks continue to highlight enduring risks throughout the year.
What Are the Aftermath and Lingering Consequences?
The real damage from these attacks extends far beyond their immediate financial toll. While projects’ tokens initially drop by 10% after a breach, further analysis in the report reveals that average losses can grow to 61% over a six-month period. Only a minority, approximately 16%, of these projects manage to regain their prior market value.
Such devaluation goes beyond affecting holders; it also poses significant challenges for project teams using these tokens for funding and treasury purposes. Dwindling token values hinder hiring, market competitiveness, and overall team morale.
Most projects face a loss of key security personnel soon after an attack. “We observe a minimum of three months before recovery efforts can effectively begin,” notes Immunefi. This period is marked by eroding trust, capital withdrawal, and decreased partnership chances within the industry.
Integration within DeFi ecosystems exacerbates risks, with vulnerabilities often spreading rapidly across interconnected protocols. Areas like cross-chain bridges and liquid staking are especially susceptible to these ripple effects.
Despite the various threats, centralized exchanges remain a focal point for significant breaches. A small portion of attacks aimed at exchanges accounted for over half of the total assets taken. Immunefi highlights these centralized entities as a “critical weak link,” suggesting that security concerns are not limited to smart contract errors.
