In May, losses due to vulnerabilities in code accounted for a significant portion of financial damage, totaling approximately $45 million, which represented around 66% of the month’s total exploit losses. These figures, compiled by blockchain security firm CertiK, highlight an overall decrease in exploit losses, which fell to $68 million from $650 million in April.
Sources of Losses
The category experiencing the most substantial losses was cross-chain bridges, which constituted 42% of the total losses, amounting to $28.6 million. The most notable incident was an attack on Verus Protocol’s cross-chain bridge on May 18, where attackers withdrew $11.5 million. Following this, THORChain was targeted, leading to losses of $10 million due to an attack that halted trading in mid-May.
Another major source of financial losses involved compromises of wallets and private keys, with losses estimated at $13.7 million. Data from DeFiLlama indicated there were approximately 30 separate incidents in May, with seven instances specifically linked to the compromise of private keys.
On May 30, two additional incidents were recorded involving the Alephium Bridge, which lost $815,000, and the Gravity Bridge, which suffered a loss of $5.4 million.
In total, about $68.3 million was confirmed lost to exploits in May, with approximately $2.6 million attributed to phishing attempts.
In contrast to a particularly challenging April, May marked the third month of 2026 during which total losses remained below $100 million.
— CertiK Alert (@CertiKAlert) May 31, 2026
The Evolving Landscape of Crypto Threats
Phishing attacks were relatively minor, responsible for just $2.6 million of the losses. However, during this period, about $9.4 million was reportedly recovered. CertiK noted that May is significant as it represents a continuation of losses below $100 million for three consecutive months in 2026.
For context, April marked the highest losses faced since March 2022, excluding the $1.5 billion hack of Bybit in February 2025. In that month alone, a single exploit related to Kelp DAO contributed $291 million to the total losses.
Emerging Threats: AI-Driven Attacks
In addition to established modes of attack, a new strategy surfaced in May where cybercriminals utilized artificial intelligence to create malware targeting crypto and AI developers. These attacks focused on infiltrating code repositories and leveraged AI algorithms to mislead coding assistants into executing harmful actions.
This evolution in tactics signifies a growing range of vulnerabilities that extends beyond traditional issues related to smart contracts.
Although May’s losses were lower, this does not indicate a decline in potential threats. The primary areas still under attack include bridges and code vulnerabilities, compounded by the integration of AI tools in malicious activities.
image from unsplash, chart from TradingView
