In 2025, crypto fraud, hacking, and exploits have risen significantly. Over $2 billion was stolen from cryptocurrency services in the first six months. Mitchell Amador, CEO of Web3 security platform Immunefi, thinks that many teams simply consider security as a “pre-release checkbox.”
In an exclusive interview with Beincrypto, Amador also highlighted that millions of bugs to pay hackers can prevent billions of losses and be more effective than traditional cybersecurity.
Why is Crypto Hacks rising in 2025?
In a recent report, Beincrypto emphasized that 2025 is becoming the worst year on record in terms of total stolen money. This year, the industry has already witnessed Bybit Hack, the biggest offense to date.
Additionally, hackers continue to steal millions of dollars from crypto exchanges and affiliates.
In fact, Chainalysis predicts that the total amount of stolen funds from Crypto Services could exceed $4.3 billion by the end of the year. This depicts a bleak outlook for the industry and presents an ongoing risk that threatens its security and stability.
Importantly, TRM Labs revealed in the first half of 2025 that over 80% of stolen funds were attributed to infrastructure violations. But why is this happening?
According to Amador, this year’s crypto hack escalation stems from a fundamental flaw in the number of projects approaching security.
“2025 was the year when the “fast” idea of code hit a wall. Billions of people are pouring into the on-chain ecosystem, and many teams are treating security as a pre-launch checkbox,” he told Beincrypto.
He explained that after launch many projects will upgrade smart contracts, integrate oracles, and change governance structures without revisiting the original risk model. This continued lack of risk assessment led to an increase in post-deployment exploits.
“Security needs to go from static to continuous. This means not only real-time threat monitoring, human-aware response protocols, and one-time audits, but tools to keep pace with evolving risks. The industry as a whole should treat security as an infrastructure rather than an insurance,” added Amador.
Bug bounties are the key to preventing crypto hacks
Security measures must continue to evolve, but CEO Immunefi also proposed a bug bounty. He says they are more effective than traditional cybersecurity methods in crypto space.
In context, bug bounties are the rewards that an organization provides to individuals identifying and reporting security vulnerabilities in a software or system. These “ethical hackers” or bug bounty hunters help companies identify and address weaknesses before malicious actors exploit them.
Rewards are usually monetary and vary based on the severity, complexity and potential impact of the reported bug.
Amador pointed out that the key to preventing exploitation is making it more profitable than launching an attack. This is where a well-designed bug bounty program comes in.
“Crypto flips the rules. In Web2, attackers need motivation. In crypto, money is motivation. When you start a $100 million smart contract, you just put a price tag on every bug. You paid over $100 million for a white hat.
It is noteworthy that white and black hat hackers may have similar technical skills, but their motivations are very different. Blackhat hackers exploit vulnerabilities to personal interests or malicious intents and harm individuals and organizations.
Meanwhile, white hat hackers work legally and ethically to enhance cybersecurity. So what would choose a white hat pass for some hackers?
“Three things: trust, benefits, recognition. If hackers know that the platform is paid fairly and quickly, they will turn it over. If the process is vague or the payment is weak, it becomes a black hat,” Amador revealed to Beincrypto.
Furthermore, the executive pointed out that today’s best white hats are not just individuals, they are part of global power. Elite security researchers have left traditional companies and form decentralized security flocks to respond in real time to threats across the ecosystem. This approach represents the future of national defense. This is a joint, fast, reputation style.
In theory, this may all sound simple, but in reality, managing ethical hacking efforts is extremely complicated. As Amador explained,
“Coordinating real-time response to live threats on Web3 is like mitigating bombs in public. If your team moves too slowly, you lose your funds.
Amador spoke of intense negotiations in which immunity over critical vulnerabilities is mediated between the protocol and the White Hat. If the bug was not blessed with the severity or disagreement occurred, imnefi’s role as a neutral mediator ensured a fair resolution.
“The most intense cases often occur outside the spotlight, but emphasize the need for a clear disclosure process and pre-committed incentives. That’s managing trust under pressure,” the CEO told Beincrypto.
The future of Web3 security
Despite the importance of the bug awards, Amador emphasized that they are just one layer of security. He said the next phase of Web3 security will be automated, continuous and human-centric.
“We need an autonomous system that scans code, models behavioral threats and responds instantly. From contract exploits to phishing and insider risks. We’ll also build initiatives that allow elite white hats to act like a 24/7 rapid response team.
However, Amador emphasized that cryptography remains vulnerable until such systems become standard. Once these security measures are in place, they unleash a new era of institutional investment and public trust, paving the way for a safer future.
Disclaimer
Following Trust Project guidelines, this feature article presents the opinions and perspectives of industry experts or individuals. Although Beincrypto is dedicated to transparent reporting, the views expressed in this article do not necessarily reflect the views of Beincrypto or its staff. Readers should independently verify the information and consult with experts before making decisions based on this content. Please note that our terms and conditions, privacy policy and disclaimer have been updated.
