According to Mitchell Amador, CEO of Web3 security platform Immunify, four out of five crypto projects that suffer a major hack never fully recover.
Amador told Cointelegraph that most protocols enter a state of paralysis the moment an exploit is discovered. “Most protocols are fundamentally unaware of the extent to which they are exposed to hacks, and are virtually unprepared for a major security incident,” he said.
According to Amador, the first hours after a breach are often the most damaging. Without a predefined incident plan, teams hesitate, debate next steps and lose sight of how deep a compromise can be. “Teams become sluggish due to decision-making that is hollow to understanding, which leads to delays in improvement and action,” he said, adding that this is often the case when additional losses occur.
Projects often avoid blocking smart contracts for fear of reputational damage, while communication with consumers breaks down entirely. Amador warns that silence increases panic rather than controlling it.
“About 80% of hacked projects never fully recover,” he said. “The primary reason is not the initial loss of funds, but the breakdown of operations and confidence during the response.”
Related: The TriBit exploit has exposed the flaw in the smart contract behind the m26 million token mint
Most projects don’t survive after fixing a major hack
Trust has become the most critical asset in crypto. Even technically resolved incidents often signal the beginning of the end, said Alex Katz, CEO and co-founder of Web3 security firm Kerberus. “There are always exceptions, but in most cases a major exploit is the death penalty,” Katz said, adding that customers leave, liquidity dries up and reputational damage becomes permanent.
While smart contracts once dominated the headlines, recent losses increasingly stem from failures at the operational and human layers. “Human error is clearly the weakest link in crypto-security,” Katz said, explaining that most losses now come from maliciously approving transactions, interacting with fake interfaces, or inadvertently exposing their keys.
Earlier this month, a crypto user lost more than $282 million worth of Bitcoin (BTC) and Litecoin (LTC) in one of the largest social engineering attacks ever recorded in the crypto sector. The user was allegedly tricked by an attacker impersonating Treasure Support, who tricked him into revealing his hardware wallet’s seed phrase.
Crypto-related hacks increased in 2025, with attackers targeting major platforms and individual wallets, causing a total loss of $3.4 billion since 2022, the highest level since 2022. Just three incidents, including the Bible hack, accounted for 69 percent of all losses ($1.4 billion) in early December.
“Beyond the Bible, we’ve seen an increase in similar attacks that completely bypass smart contracts and exploit protocol vulnerabilities,” Amador noted.
Advances in artificial intelligence have only made these attacks more effective. Social engineering campaigns can now scale rapidly, allowing attackers to send thousands of tailored phishing messages per day, Amador said.
Related: The Hidden Threat of Public Wi-Fi: How a Single Approval Wiped Out Crypto Wallets
2026 could be crypto’s strongest year yet
Despite the grim statistics, crypto experts are optimistic. Amador believes that smart contract security is rapidly improving through better development practices, stronger audits and more mature tooling. “I think 2026 will be the strongest year yet for smart contract security,” he said, pointing to the growing adoption of onchain monitoring, firewalling and threat intelligence.
However, an unsolved problem is the preparation of the response. Amador emphasized that teams should act decisively and communicate immediately when an incident occurs, even if the full scope is unclear. He claimed that stopping the protocol too quickly is far less harmful than allowing uncertainty to spiral.
Magazine: How Crypto Rules Changed in 2025 – and How They Will Change in 2026
