Every few months a nine-figure crypto hack lands, the screenshots fly, and the obituaries write themselves.
Mitchell Amador, founder and CEO of crypto safety project Immunefi, has spent years watching that cycle from the one seat with a full view of the wreckage.
The data is not subtle. Industry-wide DeFi protocol losses fell roughly 80%, from a $2.62 billion peak in 2022 to $534 million in 2024.The 2025 figure ticked back up to $680 million, but that bump came from a handful of large incidents, not a broad collapse.
Here's what you need to know to keep your crypto safe in 2026:
The Numbers Crypto's Doomers Keep Ignoring
The number Amador watches most, median loss per exploit, dropped from $6 million in 2022 to $1.5 million in 2025. Smaller hits, more value secured, better odds.
"DeFi is securing far more value than it did in the last cycle, the largest repeatable attack classes are shrinking, and median exploit size is falling," says Amador.
'Unacceptable' and 'getting worse' are not the same claim, and the data only supports the first one."
The generic killers of early DeFi are nearly extinct. Bridge exploits fell from 73% of all losses in 2022 to 3% in 2025. Flash-loan attacks went from 54% of losses in 2020 to under 1%. What's left is harder to find: in 2025, 89% of losses came from novel, protocol-specific logic flaws.
AI Won't Save You. It'll Just Make You Faster at Getting Hacked.
The obvious fear is that AI hands attackers a master key. Amador's read is colder than that.
"On offense, AI lowers the barrier to entry," Amador tells us. "
But the most valuable DeFi exploits were never syntax bugs. The gap does not close for whoever has AI. It closes for whoever pairs AI with human security discipline. Treat AI as a replacement for that discipline and you have just built a faster way to get exploited."
The Next Billion-Dollar Hack Won't Come From One Chain
His real worry is the risk the data has barely started to capture. Protocols now deploy the same code across six or more networks at once, which means one flaw can fire everywhere simultaneously. The Balancer V2 exploit did exactly that, draining $128 million across Ethereum, Arbitrum, Base, Polygon, Sonic, and OP Mainnet. People filed it as a bridge failure. It wasn't.
"The next systemic failures probably will not come from one chain being insecure," Amador says. "They will come from shared assumptions failing everywhere at once: shared code, shared signers, shared oracles. These dependencies stay invisible right up until one of them breaks."
The cleanest ecosystems prove scale and safety can grow together. On a loss-to-TVL basis, Ethereum and Solana both sit near 0.42%, BNB Chain near 0.33%. Amador's verdict on the whole arc is one line: the industry is learning.
Mitchell Amador is founder and CEO of Immunefi, the onchain security platform and bug bounty marketplace that operates as a central clearinghouse for crypto exploit data across the DeFi ecosystem.
