Key Highlights
- Total cryptocurrency exploit damages decreased to $68.3 million in May, representing a 90% decline from April’s $650 million
- May marks the third consecutive month in 2026 with exploit losses remaining below the $100 million threshold
- Verus Protocol’s cross-chain bridge suffered the month’s most significant attack, losing $11.5 million
- Flawed code infrastructure was responsible for approximately 66% of total losses, amounting to roughly $45 million
- Cross-chain bridge platforms emerged as the primary target, representing 42% of May’s aggregate losses
Cryptocurrency platform security incidents resulted in $68.3 million in damages during May, based on findings from blockchain security specialist CertiK. This figure represents a dramatic reduction of approximately 90% compared to April’s $650 million in losses.
CertiK published the findings via their X platform, highlighting that May joins two other months in 2026 where cumulative losses stayed beneath the $100 million mark.
April represented one of the industry’s most damaging months in recent history. When excluding the massive $1.5 billion Bybit security breach from February 2025, April’s damage total ranked as the highest single-month figure since March 2022. The Kelp DAO incident, which accounted for $291 million in losses, was April’s largest contributor.
In stark contrast, May demonstrated significantly reduced activity and severity.
Phishing schemes accounted for $2.6 million of May’s aggregate total. Meanwhile, approximately $9.4 million in compromised assets were successfully retrieved or voluntarily returned throughout the month.
Bridge Infrastructure and Programming Errors Remain Primary Vulnerabilities
May’s most substantial security incident targeted [[LINK_START_0]]Verus Protocol’s[[LINK_END_0]] cross-chain bridge infrastructure on May 18, resulting in $11.5 million in stolen assets. THORChain experienced the second-most significant breach, with $10.1 million compromised during a mid-May attack.
Cross-chain bridge platforms dominated the vulnerability landscape, accumulating $28.6 million in losses—representing 42% of the month’s total damages.
Programming vulnerabilities emerged as the predominant loss factor by monetary value. Approximately $45 million, constituting roughly 66% of aggregate damages, originated from defective code implementations. Wallet security breaches and compromised private keys ranked second, accounting for $13.7 million in stolen funds.
According to DeFiLlama analytics, May witnessed 29 distinct security incidents. Seven of these breaches involved compromised private key credentials.
The month concluded with two final incidents reported on May 30, affecting Alephium Bridge and Gravity Bridge. Alephium sustained $815,000 in losses while Gravity Bridge lost $5.4 million—both incidents stemming from compromised private key security.
CertiK additionally identified an emerging trend of AI-powered malware throughout May. Threat actors specifically targeted cryptocurrency and artificial intelligence developers by infiltrating code repositories and manipulating AI-driven coding assistants to execute malicious operations.
Despite the substantial improvement from April’s figures, security analysts emphasize that cross-chain bridge infrastructure and private key management continue to represent critical vulnerability areas as 2026 progresses.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
