Code vulnerabilities have been accountable for the majority of the injury in Might — roughly 66% of the month’s whole losses, or about $45 million.
That breakdown, drawn from knowledge launched by blockchain safety agency CertiK, got here alongside broader figures exhibiting that general crypto exploit losses fell to $68 million final month, down sharply from $650 million in April.
The place The Losses Got here From
Cross-chain bridges took the heaviest hit by class, accounting for 42% of whole losses, or $28.6 million. The most important single incident was an exploit of Verus Protocol’s cross-chain bridge on Might 18, which drained $11.5 million. THORChain was subsequent, dropping $10 million after an assault in mid-Might compelled the protocol to halt buying and selling.
Pockets and personal key compromises ranked second by way of greenback injury, with $13.7 million stolen via that technique. DeFiLlama knowledge counted almost 30 separate incidents in Might, seven of which concerned compromised non-public keys.
The ultimate two reported incidents got here on Might 30 — the Alephium Bridge and Gravity Bridge have been every hit, dropping $815,000 and $5.4 million respectively.
#CertiKStatsAlert 🚨
Combining all of the incidents in Might we’ve confirmed ~$68.3M misplaced to exploits with~$2.6M of the entire attributed to phishing.
After a very dangerous April, Might is now the third month of 2026 to document losses underneath 100M$.
Extra particulars beneath 👇 pic.twitter.com/GSWTLKXWDH
— CertiK Alert (@CertiKAlert) Might 31, 2026
Crypto: A New Menace Takes Form
Phishing assaults have been comparatively minor, accountable for simply $2.6 million of the month’s losses. About $9.4 million was recovered or returned in the course of the interval. CertiK famous that Might marks the third month of 2026 by which whole losses stayed beneath $100 million.
April’s toll, in contrast, was the worst since March 2022 if the $1.5 billion Bybit hack in February 2025 is put aside. A single exploit of Kelp DAO that month accounted for $291 million of the injury.
AI-Assisted Malware On The Rise
A separate however rising menace emerged in Might as dangerous actors started utilizing synthetic intelligence to develop malware geared toward crypto and AI builders.
Assaults focused code repositories and tried to trick AI-powered coding assistants into executing malicious actions — a tactic that broadens the assault floor past conventional sensible contract flaws.
Picture: Shutterstock
Might’s comparatively decrease losses don’t imply the menace has handed. Bridges and code vulnerabilities stay the 2 most exploited areas within the house, and the introduction of AI-assisted assault instruments alerts that the strategies getting used towards the trade are nonetheless altering.
Featured picture from Unsplash, chart from TradingView
Editorial Course of for bitcoinist is centered on delivering completely researched, correct, and unbiased content material. We uphold strict sourcing requirements, and every web page undergoes diligent assessment by our crew of prime expertise consultants and seasoned editors. This course of ensures the integrity, relevance, and worth of our content material for our readers.
