Crypto Hack losses led by a few major exploits: Immunefi
A new security report from Immunefi shows that crypto-hacking continues at a steady pace, with vulnerabilities concentrated in a small number of large-scale exploits.
In the year Analyzing 425 publicly known incidents between 2021 and 2025, the report estimates that the average hack has now yielded nearly $25 million in stolen funds. In the year In 2024 and 2025 alone, 191 hacks caused $4.67 billion in losses, with just five incidents accounting for 62% of the total.
While it represented a few instances, centralized exchange breaches accounted for most of the losses. 20 exchange hacks accounted for about $2.55 billion, or 55% of the total, which shows how much user funds have focused back on the downside.
Token markets also seem to be reacting more strongly to violations. Of the 82 hacked tokens in the study, an average of 61 percent of their value fell over six months, and 83.9 percent of their value fell over that period.
Immunefi CEO Mitchell Amador told Cointelegraph that “the market is becoming less forgiving,” now that breaches are signs of deeper issues in engineering, management and operational recovery.
Amador said the long-term effects of exploits often extend well beyond the initial loss.
The stolen funds are only the first layer of damage. The following are often more destructive: ongoing token value suppression, reduced treasury capacity, leadership disruption, lost development time, and erosion of user trust.
The report also describes how interconnected DeFi systems can amplify the fallout from a single event, with failures occurring across credit, securities and liquidity networks.
One example involves the fall of Elixir's DUSD stablecoin in November 2025. Elsir had frozen 65% of DEUSD's securities with Stream Finance, which indicated a loss of $93 million from the foreign fund manager. As Stream's stablecoin xUSD plunged 77%, deUSD support faltered, redemptions stalled and panic selling hit curve troughs, ultimately sending deUSD down more than 97%.
Related: South Korea Sells $21.5M in Bitcoin Recovered After Security Breach
Recent exploits highlight ongoing security risks in crypto
Crypto-related hacking losses fell to $26.5 million in February, the lowest monthly total in nearly a year, according to PeckShield, which saw several security incidents in March.
Google researchers have reported a new exploit kit targeting Apple iPhone users designed to steal cryptocurrency wallet seed phrases. The toolkit, known as Corona, contains several exploit chains that can target devices running different versions of Apple's iOS and is linked to phishing websites masquerading as crypto platforms.
Bitcoin-based DeFi platform's Solv protocol also affected less than 10 users, with one of its token vaults reported to have been used for around $2.7 million. The project offered 10% to the attacker to cover the losses and return the money while security firms investigate the breach.
Separately, the Bonk.fun domain was hacked after attackers found a group account and deployed a wallet draining technique on the site. The project has warned users not to connect to the platform while the team works to take control of the domain.
Meanwhile, NFT lending platform Gondi disabled a faulty smart contract after it allowed an attacker to steal $230,000 worth of NFTs. The project said it was investigating the vulnerability, which included contracts to sell compromised NFTs and repay loans, and is compensating affected users.
Magazine: All 21 Million Bitcoins From Quantum Computers Are At Risk
