Code vulnerabilities had been chargeable for the majority of the harm in Could — roughly 66% of the month’s complete losses, or about $45 million.
That breakdown, drawn from information launched by blockchain safety agency CertiK, got here alongside broader figures displaying that general crypto exploit losses fell to $68 million final month, down sharply from $650 million in April.
The place The Losses Got here From
Cross-chain bridges took the heaviest hit by class, accounting for 42% of complete losses, or $28.6 million. The most important single incident was an exploit of Verus Protocol’s cross-chain bridge on Could 18, which drained $11.5 million. THORChain was subsequent, shedding $10 million after an assault in mid-Could pressured the protocol to halt buying and selling.
Pockets and personal key compromises ranked second by way of greenback harm, with $13.7 million stolen by way of that methodology. DeFiLlama information counted almost 30 separate incidents in Could, seven of which concerned compromised non-public keys.
The ultimate two reported incidents got here on Could 30 — the Alephium Bridge and Gravity Bridge had been every hit, shedding $815,000 and $5.4 million respectively.
#CertiKStatsAlert 🚨
Combining all of the incidents in Could we’ve confirmed ~$68.3M misplaced to exploits with
~$2.6M of the full attributed to phishing.After a very dangerous April, Could is now the third month of 2026 to document losses underneath 100M$.
Extra particulars under 👇 pic.twitter.com/GSWTLKXWDH
— CertiK Alert (@CertiKAlert) Could 31, 2026
Crypto: A New Risk Takes Form
Phishing assaults had been comparatively minor, chargeable for simply $2.6 million of the month’s losses. About $9.4 million was recovered or returned throughout the interval. CertiK famous that Could marks the third month of 2026 through which complete losses stayed under $100 million.
April’s toll, against this, was the worst since March 2022 if the $1.5 billion Bybit hack in February 2025 is put aside. A single exploit of Kelp DAO that month accounted for $291 million of the harm.
AI-Assisted Malware On The Rise
A separate however rising risk emerged in Could as dangerous actors started utilizing synthetic intelligence to develop malware aimed toward crypto and AI builders.
Assaults focused code repositories and tried to trick AI-powered coding assistants into executing malicious actions — a tactic that broadens the assault floor past conventional good contract flaws.
Picture: Shutterstock
Could’s comparatively decrease losses don’t imply the risk has handed. Bridges and code vulnerabilities stay the 2 most exploited areas within the area, and the introduction of AI-assisted assault instruments indicators that the strategies getting used towards the trade are nonetheless altering.
Featured picture from Unsplash, chart from TradingView
Editorial Course of for bitcoinist is centered on delivering totally researched, correct, and unbiased content material. We uphold strict sourcing requirements, and every web page undergoes diligent evaluate by our crew of prime know-how consultants and seasoned editors. This course of ensures the integrity, relevance, and worth of our content material for our readers.