- Nearly 80% of crypto projects hit by a major hack never fully recover, mainly due to operational breakdown and loss of trust.
- Teams often freeze in the first hours after a breach, lacking incident plans and delaying decisive action.
- Operational and human-layer failures—like social engineering and malicious approvals—are increasing alongside smart-contract exploits.
- Crypto losses surged to $3.4 billion in 2025, with a $1.4 billion incident on Bybit accounting for a large share; data from Chainalysis shows three incidents made up 69% of losses.
- Smart contract security is improving, and 2026 may bring stronger defenses, but response readiness and immediate communication remain unresolved vulnerabilities.
Mitchell Amador, CEO of security firm Immunefi, says nearly 80% of projects that suffer major hacks never fully recover, largely because responses break down and trust collapses. He warned that teams are often unprepared and that the first hours after a breach cause the most damage.
Amador described how protocols enter paralysis when an exploit appears. “Most protocols are fundamentally unaware of the extent to which they are exposed to hacks, and are not operationally prepared for a major security incident,” he said, adding that “Decision-making slows as teams scramble to understand what happened, leading to improvization and delayed action.”
Projects frequently avoid pausing smart contracts out of reputational fear, and communication with users often fails entirely. Amador said silence usually amplifies panic and that delayed or improvised responses can lead to additional losses.
Alex Katz, CEO of Kerberus, noted that even technically resolved incidents can end projects by driving away users and liquidity. He said human error is the weakest link, as attackers increasingly exploit approvals, fake interfaces, and exposed keys.
In 2025, total crypto losses reached $3.4 billion, with three incidents—including a $1.4 billion hack on Bybit—making up 69% of that amount. One social engineering case this month cost a user about $282 million after an attacker impersonated Trezor support and obtained the victim’s seed phrase. Amador also flagged that advances in AI have amplified scalable phishing and tailored social-engineering attacks.
Amador remains cautiously optimistic on defenses, saying “I think 2026 will be the strongest year yet for smart contract security.” He urged teams to act decisively and communicate immediately after incidents, arguing that pausing protocols early usually causes less harm than prolonged uncertainty. Read the Editorial Policy.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
