TLDR
- Crypto exploit losses fell to $68.3 million in May, down 90% from April’s $650 million
- May is the third month in 2026 where total losses came in under $100 million
- The largest single attack was an $11.5 million exploit of Verus Protocol’s cross-chain bridge
- Code vulnerabilities accounted for about 66% of all losses, or around $45 million
- Cross-chain bridges were the most targeted category, making up 42% of total monthly losses
Losses from crypto platform exploits dropped to $68.3 million in May, according to blockchain security firm CertiK. That’s a fall of nearly 90% from the $650 million lost in April.
CertiK shared the data on X, noting that May is now the third month of 2026 where total losses came in under $100 million.
#CertiKStatsAlert
Combining all the incidents in May we've confirmed ~$68.3M lost to exploits with ~$2.6M of the total attributed to phishing.
After a particularly bad April, May is now the third month of 2026 to record losses under 100M$.
More details below pic.twitter.com/GSWTLKXWDH
— CertiK Alert (@CertiKAlert) May 31, 2026
April had been one of the worst months on record. Excluding the $1.5 billion Bybit hack in February 2025, April’s losses were the highest recorded in a single month since March 2022. A $291 million exploit of Kelp DAO was the biggest contributor that month.
By comparison, May was far quieter in terms of scale.
Phishing attacks made up $2.6 million of May’s total. Around $9.4 million of stolen funds were recovered or returned during the month.
Cross-Chain Bridges and Code Flaws Were the Main Weak Points
The biggest single loss in May came from an attack on Verus Protocol’s cross-chain bridge on May 18, with $11.5 million stolen. THORChain was the second-largest victim, losing $10.1 million in a mid-May exploit.
Cross-chain bridges were the most targeted category overall, accounting for $28.6 million, or 42% of total losses for the month.
Code vulnerabilities were the leading cause of losses by value. Around $45 million, or roughly 66% of the total, was traced back to flawed code. Wallet and private key compromises came second, with $13.7 million stolen.
Data from DeFiLlama shows there were 29 separate incidents in May. Seven of those involved compromised private keys.
The final two incidents of the month, reported on May 30, hit Alephium Bridge and Gravity Bridge. Alephium lost $815,000 and Gravity Bridge lost $5.4 million, both due to compromised private keys.
CertiK also flagged a rise in AI-assisted malware during May. Malicious actors targeted crypto and AI developers by compromising code repositories and tricking AI coding assistants into executing harmful actions.
While losses were lower than in April, security researchers say cross-chain bridges and private key security remain areas of concern heading into the rest of 2026.







