Last updated:
The market impact of a hack on a coin’s value continues and increases over time, lasting for at least six months after the incident, according to the ‘Hacks & Token Prices Report 2024’ by the major bug bounty and security services platform Immunefi.
Along with the report, the team is launching a dedicated platform that provides ongoing data on the actual financial impact of crypto hacks.
There Are More Damaging Factors to Coin Value Than a Hack
The report stressed that the ‘net value stolen’ is the most widely used figure but that it “grossly underestimates the damage” hacks cause.
Though a standard, this figure fails to consider “other ways hacks wreak damage.”
Many of these so-called “contributors to total hack damage” are difficult to quantify but are more financially damaging than the hack itself, the researchers remarked.
The most unrecognized contributors include market impact, dependency impacts, and talent and organizational impact.
Hack’s Influence Persists Even Six Months Later
The Immunefi team focused on the market impact—the damage suffered by token prices due to a hack, which can last for long periods of time.
It observed 176 hacks occurring between 2021 and 2023. More specifically, it looked at the performance of the hacked protocols’ native tokens within five different timelines: the day of the hack, two days, five days, three months, and six months after the event.
What the researchers found is that, two days after the hack, the median native token price saw a 10% drop.
More precisely, 34% of the affected tokens fell 10%, 11.4% fell over 50%, and 5.1% fell over 90%.
In the five-day period post-hack, the median token price decline was 19%. Now, more than 7% of the tokens fell over 90%.
One month after the hack, the median token price fall was 27%. 9% of the observed tokens’ prices decreased by over 90%.
The effect continued. Three months post-hack, Immunefi found that the prices saw a 43% median decrease. Now, 11% of the token prices dropped over 90%.
Lastly, six months after the hack, the median token price decline was 53%. Also, 16% of prices fell more than 90%.
Of the observed tokens, ORT was the most affected. Its price fell the most in the two-day, five-day, three-month, and six-month periods – a 100% drop in each.
The BOG token overtook ORT in the one-month timeframe with its own 100% fall.
A Hack is Only the Beginning for A Coin Value Downward Spiral
According to Immunefi’s Founder and CEO Mitchell Amador, “getting hacked is the beginning of the damage, not the end.”
“The millions lost to the hack immediately anticipate even larger losses, caused by market impact and dependency impact, alongside many months of lost time spent rebuilding your emotionally shattered team and operations,” Amador remarked.
Some of the most severe examples of exploits saw up to $625 million lost in a single attack, with coin values plummeting after the hack.
However, the Immunefi team wanted to investigate the immediate market impact of a hack. Therefore, the focus was on the token prices two days after the incident.
It confirmed that the amount lost is “only part of the total damage.”
Per the report, “token prices significantly decline following a hack, further extending the losses specifically due to the market impact of the attack.”
Among the observed projects, Euler Finance’s EUL token recorded the highest loss within the first two days after its $197 million hack. The price fell 58% from $6.33 to $2.68.
Other notable examples include Mixin Network’s XIN token falling 5% after a $200 million loss, Venus Protocol’s XVS token recording a 41% fall following a $200 exploit, and Ronin Network’s RON seeing a 19.8% price decline two days after its $625 million security breach.
BNBChain also suffered an exploit, witnessing a $100 million loss. In the two days that followed, the BNB token saw a 3.2% decline from $296.29 to $286.77.
Notably, one month after a hack, “a review of major hacks and their respective token price movements reveals that only the BNB token showed a significant price recovery.”
The other tokens didn’t recover within one to three months.
“This further demonstrates the persistent negative effects of a hack on a protocol’s token price and market value,” the team concluded.