Key Highlights
- May 2026 recorded $68.3 million in cryptocurrency exploit losses, representing a 90% decline compared to April’s $650 million
- This marks the third time in 2026 that monthly losses have remained below the $100 million threshold
- Verus Protocol’s cross-chain bridge suffered the month’s largest single incident, losing $11.5 million
- Flawed code was responsible for approximately 66% of all losses, totaling roughly $45 million
- Cross-chain bridge infrastructure represented the most vulnerable target, comprising 42% of total monthly damages
Cryptocurrency platform exploits resulted in $68.3 million in losses during May, based on findings from blockchain security company CertiK. This represents a dramatic 90% reduction from April’s staggering $650 million total.
CertiK published their findings on X, highlighting that May represents the third consecutive month in 2026 where aggregate losses remained beneath the $100 million mark.
April had marked one of the most devastating months in recent history. When excluding the massive $1.5 billion Bybit breach from February 2025, April’s figures represented the worst single-month performance since March 2022. The primary driver that month was a $291 million compromise of Kelp DAO.
May’s landscape proved considerably calmer by comparison.
Phishing-related attacks contributed $2.6 million to May’s overall tally. Security teams successfully recovered or had returned approximately $9.4 million in stolen digital assets throughout the month.
Bridge Infrastructure and Coding Errors Dominated Attack Vectors
May’s most significant security breach targeted Verus Protocol’s cross-chain bridge infrastructure on May 18, resulting in an $11.5 million theft. THORChain experienced the second-largest incident, with hackers extracting $10.1 million during a mid-May compromise.
Cross-chain bridge technology emerged as the primary target category, accumulating $28.6 million in losses—representing 42% of the month’s total damages.
Coding vulnerabilities stood out as the predominant root cause by financial impact. Approximately $45 million, equal to roughly 66% of aggregate losses, stemmed from defective code implementation. Wallet compromises and private key exposures ranked second, accounting for $13.7 million in stolen funds.
According to DeFiLlama’s tracking systems, May witnessed 29 distinct security incidents. Seven of these breaches involved compromised private key credentials.
The month’s final two attacks, both documented on May 30, targeted Alephium Bridge and Gravity Bridge respectively. Alephium suffered an $815,000 loss while Gravity Bridge experienced a $5.4 million breach, with both incidents attributed to compromised private keys.
CertiK additionally identified an emerging trend in AI-powered malware throughout May. Threat actors specifically targeted cryptocurrency and artificial intelligence developers through compromised code repositories, manipulating AI-based coding assistants to execute malicious operations.
Despite the improvement from April’s figures, security analysts emphasize that cross-chain bridge vulnerabilities and private key protection continue to represent critical concerns for the remainder of 2026.
