In 2025, there has been a notable rise in crypto scams, hacks, and exploits. Over $2 billion was stolen from cryptocurrency services in just the first six months. Mitchell Amador, CEO of Immunefi, a Web3 security platform, believes that many teams now view security as merely a ‘pre-launch checkbox.’
In an exclusive interview with BeInCrypto, Amador also stressed how paying hackers millions to identify bugs can prevent billions in losses and may be more effective than traditional cybersecurity.
Why Are Crypto Hacks Rising in 2025?
In a recent report, BeInCrypto highlighted that 2025 is shaping up to become the worst year on record in terms of the total value stolen. This year, the industry has already witnessed its largest breach to date, the Bybit hack.
Furthermore, hackers continue to steal millions of dollars from crypto exchanges and related firms.
In fact, Chainalysis has predicted that the total amount of stolen funds from crypto services could exceed $4.3 billion by year-end. This paints a bleak outlook for the industry, with ongoing risks threatening its security and stability.
Importantly, TRM Labs revealed that in the first half of 2025, over 80% of stolen funds resulted from infrastructure breaches. But why is this happening?
According to Amador, the escalation of crypto hacks this year stems from a fundamental flaw in how many projects approach security.
“2025 is the year crypto’s ‘build fast’ mindset hit a wall. Billions are flowing into onchain ecosystems, but too many teams treat security as a pre-launch checkbox,” he told BeInCrypto.
He explained that after launching, many projects upgrade smart contracts, integrate oracles, or change governance structures without revisiting their original risk models. This lack of ongoing risk evaluation has led to an increase in post-deployment exploits.
“Security has to move from static to continuous. That means real-time threat monitoring, human-aware response protocols, and tooling that keeps pace with evolving risk, not just a one-time audit. The entire industry needs to treat security as infrastructure, not insurance,” Amador added.
How Bug Bounties Are the Key to Preventing Crypto Hacks
While security measures must continuously evolve, the Immunefi CEO also advocated for bug bounties. According to him, they are more effective than traditional cybersecurity methods in the crypto space.
For context, a bug bounty is a reward offered by organizations to individuals who identify and report security vulnerabilities in their software or systems. These ‘ethical hackers’ or bug bounty hunters help companies identify and address weaknesses before malicious actors can exploit them.
Rewards are typically monetary and vary depending on the severity, complexity, and potential impact of the reported bug.
Amador noted that the key to preventing exploitation is to make defending against attacks more profitable than launching them. This is where well-designed bug bounty programs come in.
“Crypto flips the rules. In Web2, attackers need motivation. In crypto, the money is the motivation. If you launch a smart contract with $100 million in it, you just put a price tag on every single bug. We’ve paid out over $100 million to whitehats, and it’s saved over $25 billion in potential losses. That’s not theory, that’s real economic security,” he remarked.
It is worth noting that white hat hackers and black hat hackers may have similar technical skills, but their motives differ significantly. Black hat hackers exploit vulnerabilities for personal gain or malicious intent, causing harm to individuals or organizations.
On the other hand, white hat hackers work legally and ethically to enhance cybersecurity. So, what makes some hackers choose the white hat path?
“Three things: trust, upside, and recognition. If hackers know a platform will pay fairly and fast, they flip. If the process is murky or the payouts are weak, they go blackhat,” Amador disclosed to BeInCrypto.
Additionally, the executive pointed out that the best white hats today aren’t just individuals but are becoming part of a global force. Elite security researchers are leaving traditional firms to form a decentralized, deputized security swarm, responding to threats across ecosystems in real time. This approach represents the future of defense—collaborative, fast, and reputation-driven.
While all this may sound simple in theory, in practice, managing ethical hacking efforts is quite complex. As Amador explained,
“Coordinating real-time responses to live threats in Web3 is like defusing a bomb in public. If teams move too slowly, they lose funds. If they move too quickly or without clear authority, they risk backlash.”
Amador recounted intense negotiations where Immunefi mediated between protocols and whitehats over critical vulnerabilities. In cases where bounties were not pre-established or disagreements arose over a bug’s severity, Immunefi’s role as a neutral mediator ensured fair resolutions.
“The most intense cases often happen outside the spotlight, but they underscore the need for clear disclosure processes and pre-committed incentives. It’s about managing trust under pressure,” the CEO mentioned to BeInCrypto.
The Future of Web3 Security
Despite the importance of bug bounties, Amador emphasized that they are only one layer of security. He stated that the next phase of Web3 security will be automated, continuous, and human-centered.
“We need autonomous systems that scan code, model behavioral threats, and respond instantly, from contract exploits to phishing and insider risk. We’re also building out Safe Harbor, an initiative that enables elite whitehats to operate like a 24/7 rapid-response team, a global security swarm that can move faster than any attacker. The goal isn’t just better code, it’s intelligent defense that evolves with the threat landscape,” commented.
However, Amador stressed that crypto will remain vulnerable until such systems are the standard. Once these security measures are in place, they will unlock a new era of institutional investment and public trust, paving the way for a more secure future.
Disclaimer
Following the Trust Project guidelines, this feature article presents opinions and perspectives from industry experts or individuals. BeInCrypto is dedicated to transparent reporting, but the views expressed in this article do not necessarily reflect those of BeInCrypto or its staff. Readers should verify information independently and consult with a professional before making decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.