Average Loss from Crypto Hacks Reaches $25 Million

Average loss from a crypto hack is $25 million, excluding native coin collapse.

The average loss from a single crypto protocol hack is approximately $25 million, excluding the subsequent collapse of native coins, according to The Block, citing Immunefi.

The number of attacks has not decreased: 94 incidents were recorded in 2024, and 97 in 2025.

Over two years, cybercriminals executed 191 hacks, costing the industry $4.67 billion. In total, 425 attacks occurred over five years, with a cumulative loss of $11.9 billion.

Analysts noted a shift in risk structure. The median loss decreased from $4.5 million to $2.2 million, indicating progress in defending against routine attacks. However, the average loss per project remains high at around $24.5 million.

Statistics are skewed by rare but large-scale incidents. The five largest attacks in 2024 and 2025 accounted for 62% of all stolen funds, while the top ten accounted for 73%.

For instance, the Bybit exchange hack alone, with a $1.5 billion loss, constituted 44% of the industry’s total losses in 2025 and 32% over the two years.

The concentration of losses is not limited to individual large attacks. Centralized exchanges accounted for only 20 of the 191 incidents, yet they were responsible for more than half of the total losses—$2.55 billion. Experts emphasized that custodial risks remain the primary cause of the industry’s most devastating “failures.”

Recovery of Prices—A Rarity

The market’s reaction to hacks has become more severe. Tokens of affected protocols lose about 10% of their value on average in the first two days.

Long-term consequences are becoming more serious: median losses reach 61% after six months (compared to 53% in the previous reporting period).

Six months post-incident, tokens trade below pre-attack levels. Only 16% of assets manage to recover and exceed previous price levels.

The consequences of incidents extend beyond price declines. Since many projects hold native tokens in treasuries, a 61% drop directly reduces the operational budget. This predictably limits the ability to hire developers and fund updates.

The close interconnection between protocols makes the industry even more fragile, noted Immunefi. Experts cited the collapse of the deUSD stablecoin in 2025 as an example. Losses cascaded, leading to withdrawal freezes, forced sales, and a collapse in TVL across several platforms.

Internal processes of affected startups are also severely destabilized. Security teams typically change within weeks after a hack. Product development halts as developers focus on mitigating the aftermath. Recovery requires at least three months of concentrated effort.

Back in January, Immunefi CEO Mitchell Amador described a major hack as a “death sentence” for 80% of protocols. According to him, the main cause of collapse is not the direct loss of funds but “managerial chaos and loss of trust.”