Crypto exploit losses fell nearly 90% in May 2026 as bridge attacks and code vulnerabilities remained major threats.
Crypto News
Total losses from cryptocurrency exploits fell to Ethereum68.3 million in May, down nearly 90% from the Ethereum650 million recorded in April, according to blockchain security firm CertiK. The firm noted on Sunday that May is the third month in 2026 to record losses below Ethereum100 million.
April had been among the worst months on record for crypto exploits, excluding the Ethereum1.5 billion Bybit hack in February 2025. The largest single loss in April came from a Ethereum291 million exploit of Kelp DAO, making that month the highest-loss period since March 2022.
Of the Ethereum68.3 million lost in May, roughly Ethereum2.6 million came from phishing attacks. Approximately Ethereum9.4 million of the total was recovered or returned, CertiK reported.
Code vulnerabilities accounted for the largest share of losses by value at around 66% of the total, or approximately Ethereum45 million. Wallet and private key compromises were the second-most costly category, with Ethereum13.7 million stolen.
Cross-chain bridges were the most targeted infrastructure type, accounting for Ethereum28.6 million, or 42% of total monthly losses, followed by decentralized finance protocols. The largest single exploit of the month occurred on May 18 when Verus Protocol's cross-chain bridge was drained of Ethereum11.5 million. THORChain suffered the second-largest loss, with Ethereum10.1 million stolen in a mid-May incident that prompted the protocol to halt trading.
DeFiLlama data shows 29 incidents total in May, with seven involving compromised private keys. The two most recent incidents, reported on May 30, were exploits of Alephium Bridge and Gravity Bridge, losing Ethereum815,000 and Ethereum5.4 million, respectively, due to compromised private keys.
AI-assisted malware also emerged as a growing threat in May, with malicious actors targeting crypto and AI developers by compromising code repositories and manipulating AI coding assistants. The trend adds a new dimension to the threat landscape that security firms are tracking alongside traditional exploit categories.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators. This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice. The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap.
