Code vulnerabilities were responsible for the bulk of the damage in May — roughly 66% of the month’s total losses, or about $45 million.
This breakdown, drawn from data released by blockchain security firm CertiK, came alongside wider numbers showing this Total Cryptocurrency Exploitation Losses It fell to $68 million last month, down sharply from $650 million in April.
Where did the losses come from?
Cross bridges were the most damaged by category, accounting for 42% of the total losses, or $28.6 million. The largest single incident was Verus Protocol’s cross-chain bridge exploit on May 18, which drained $11.5 million. THORChain was next, losing $10 million after an attack in mid-May that forced the protocol to halt trading.
Wallet and private key compromises ranked second in terms of dollar damage, with $13.7 million stolen through this method. DeFiLlama data counted nearly 30 separate incidents in May, seven of which involved compromised private keys.
The last two reported incidents occurred on May 30, when the Alephium Bridge and Gravity Bridge were struck, resulting in losses of $815,000 and $5.4 million, respectively.
Combining all the events that occurred in May, we have confirmed that approximately $68.3 million was lost to the exploit.
~$2.6 million of the total attributed to phishing.After a particularly bad April, May is now the third month of 2026 to record losses of less than $100 million.
More details below 👇 pic.twitter.com/GSWTLKXWDH
– CertiK Alert (@CertiKAlert) May 31, 2026
Cryptocurrencies: A new threat is taking shape
Phishing The attacks were relatively minor, and were responsible for only $2.6 million in losses for the month. About $9.4 million was recovered or returned during this period. certec He pointed out that May marks the third month of 2026 during which total losses remained less than $100 million.
By contrast, April’s tally was the worst since March 2022, if Bybit’s $1.5 billion hack in February 2025 is set aside. One Kelp DAO exploit that month caused $291 million in damage.
AI-powered malware is on the rise
A separate but growing threat emerged in May, when bad actors began using artificial intelligence to advance Malware Aimed at crypto and AI developers.
The attacks targeted code repositories and attempted to trick AI-based programming assistants into performing malicious actions — a tactic that expands the attack surface beyond the drawbacks of traditional smart contracts.
Image: Shutterstock
May’s relatively low losses do not mean the threat is over. Bridges and code vulnerabilities remain the two most exploited areas in the industry, and the introduction of AI-powered attack tools suggests that the methods used against the industry are still changing.
Featured image from Unsplash, chart from TradingView
Editing process Bitcoinist focuses on providing well-researched, accurate, and unbiased content. We adhere to strict sourcing standards, and every page is carefully reviewed by our team of senior technology experts and experienced editors. This process ensures the integrity, relevance, and value of our content to our readers.
