Crypto Exploit Losses Plummet 90% in May to $68.3M: CertiK

Losses from crypto exploits fell sharply in May 2026, plunging 90% month-over-month to $68.3 million, according to blockchain security firm CertiK. This marks a significant decline from April's staggering $650 million in recorded losses, much of which stemmed from vulnerabilities in code and bridge exploits.

While the drop offers a momentary reprieve, breaches targeting cross-chain bridges and decentralized finance (DeFi) protocols remain persistent threats. Cross-chain bridges accounted for $28.6 million—or 42%—of May’s total losses, with vulnerabilities in wallet or private key systems responsible for $13.7 million.

The largest single exploit in May occurred on May 18, when Verus Protocol’s cross-chain bridge suffered an $11.5 million breach. THORChain followed closely behind, losing $10.1 million to an exploit later in the month. Overall, code vulnerabilities were behind 66% (approximately $45 million) of May’s losses, underscoring ongoing risks within DeFi systems reliant on complex smart contracts.

Phishing and Private Key Compromises Still Prevalent

Though bridge exploits dominated dollar figures, phishing attacks and compromised private keys also contributed to security lapses. CertiK reported $2.6 million in losses from phishing, while compromised private keys played a role in seven separate incidents during May. Two late-month breaches—Alephium Bridge ($815,000) and Gravity Bridge ($5.4 million)—highlight how attackers are targeting key infrastructure.

Hackers are also leveraging artificial intelligence to develop more advanced malware, targeting cryptocurrency developers and coding repositories. This trend adds another layer of complexity for crypto platforms trying to secure their ecosystems.

Context: Cross-Chain Bridges Under Fire

Cross-chain bridges have long been a weak point in blockchain infrastructure. The sharp focus on bridges in May echoes past incidents, such as the $120 million Multichain exploit in 2023, where centralized control of private keys proved catastrophic. Multichain’s collapse underscored how poorly managed access to Multi-Party Computation (MPC) keys can unravel entire ecosystems.

Even as new protocols attempt to increase decentralization and improve security, the sheer value locked in these systems makes them prime targets for bad actors. May’s data suggests that while total losses are down, the industry still faces systemic vulnerabilities.

Looking Ahead

May marks the third month in 2026 where crypto losses remained under $100 million, an encouraging trend for a market accustomed to multi-billion-dollar hacks in previous years. However, with $9.4 million recovered or returned during the month, security improvements remain uneven.

The market continues to weigh the trade-offs between rapid innovation and robust security. As bridges and DeFi protocols play a crucial role in the crypto ecosystem, addressing these vulnerabilities will be paramount in reducing future losses. Traders and investors should monitor upcoming security audits and new governance measures to gauge whether these platforms can finally turn the corner on security.