Crypto Exploit Losses Plummet to $68.3M in May, Down 90% From April
L'essentiel
- Crypto exploit losses dropped to $68.3 million in May, a nearly 90% decrease from April's $650 million, according to CertiK.
- May marked the third month of 2026 with losses under $100 million, with Verus Protocol's bridge exploit being the largest incident.
Résumé généré par IA
Pourquoi c'est important
Crypto exploit losses in May decreased significantly to $68.3 million, a nearly 90% drop from April's $650 million. This marks the third month in 2026 with losses under $100 million. The decrease follows a period of high losses, with April being the worst month since March 2022, excluding a major 2025 hack.
Losses from exploits of crypto platforms fell to $68.3 million in May, down almost 90% from the $650 million lost in April, says crypto security company CertiK.
“After a particularly bad April, May is now the third month of 2026 to record losses under [$100 million],” CertiK posted to X on Sunday.
Around $2.6 million of the total crypto stolen in May was due to phishing attacks, while roughly $9.4 million was recovered or returned, it added.
Excluding the $1.5 billion hack on Bybit in February 2025, April saw the highest losses recorded in a month since March 2022, with the largest loss that month coming from a $291 million exploit of Kelp DAO.
An exploit of Verus Protocol’s cross-chain bridge on May 18 was the largest in terms of losses last month, with $11.5 million stolen. THORChain was second after an exploit in mid-May saw $10.1 million stolen from the protocol.
Code vulnerabilities were the category with the highest value of losses over the month, with about 66% of the total, or around $45 million lost. Wallet or private key compromises were the second-most costly, with $13.7 million stolen.
Cross-chain bridges were the most targeted, with $28.6 million, or 42% of the total monthly losses, followed by decentralized finance protocols.
Crypto exploit losses in May reached $68.3 million. Source: CertiK
Related: Scammers make $400K through fake Uniswap ads on Google
DeFiLlama data shows that there were 29 incidents in May, seven of which involved compromised private keys.
The latest two incidents, reported on May 30, were the Alephium Bridge and Gravity Bridge, which were respectively exploited for $815,000 and $5.4 million due to compromised private keys.
Malware developed with artificial intelligence assistance has also been on the rise as malicious actors targeted crypto and AI developers in May by compromising code repos and tricking AI coding assistants.
Questions ouvertes
- Will this downward trend in exploit losses continue in the coming months?
- What specific security improvements led to the reduction in May?
- Are there new types of exploits emerging that could reverse this trend?
- How effective are current recovery mechanisms for stolen crypto assets?






