Code vulnerabilities have been answerable for the majority of the harm in Could — roughly 66% of the month’s whole losses, or about $45 million.
That breakdown, drawn from information launched by blockchain safety agency CertiK, got here alongside broader figures displaying that general crypto exploit losses fell to $68 million final month, down sharply from $650 million in April.
The place The Losses Got here From
Cross-chain bridges took the heaviest hit by class, accounting for 42% of whole losses, or $28.6 million. The most important single incident was an exploit of Verus Protocol’s cross-chain bridge on Could 18, which drained $11.5 million. THORChain was subsequent, shedding $10 million after an assault in mid-Could compelled the protocol to halt buying and selling.
Pockets and personal key compromises ranked second when it comes to greenback harm, with $13.7 million stolen via that methodology. DeFiLlama information counted almost 30 separate incidents in Could, seven of which concerned compromised non-public keys.
The ultimate two reported incidents got here on Could 30 — the Alephium Bridge and Gravity Bridge have been every hit, shedding $815,000 and $5.4 million respectively.
Combining all of the incidents in Could we’ve confirmed ~$68.3M misplaced to exploits with
~$2.6M of the whole attributed to phishing.After a very dangerous April, Could is now the third month of 2026 to report losses beneath 100M$.
Extra particulars beneath 👇 pic.twitter.com/GSWTLKXWDH
— CertiK Alert (@CertiKAlert) Could 31, 2026
Crypto: A New Menace Takes Form
Phishing assaults have been comparatively minor, answerable for simply $2.6 million of the month’s losses. About $9.4 million was recovered or returned in the course of the interval. CertiK famous that Could marks the third month of 2026 by which whole losses stayed beneath $100 million.
April’s toll, in contrast, was the worst since March 2022 if the $1.5 billion Bybit hack in February 2025 is put aside. A single exploit of Kelp DAO that month accounted for $291 million of the harm.
AI-Assisted Malware On The Rise
A separate however rising menace emerged in Could as dangerous actors started utilizing synthetic intelligence to develop malware geared toward crypto and AI builders.
Assaults focused code repositories and tried to trick AI-powered coding assistants into executing malicious actions — a tactic that broadens the assault floor past conventional good contract flaws.
Picture: Shutterstock
Could’s comparatively decrease losses don’t imply the menace has handed. Bridges and code vulnerabilities stay the 2 most exploited areas within the house, and the introduction of AI-assisted assault instruments alerts that the strategies getting used towards the trade are nonetheless altering.
Featured picture from Unsplash, chart from TradingView
Editorial Course of for bitcoinist is centered on delivering totally researched, correct, and unbiased content material. We uphold strict sourcing requirements, and every web page undergoes diligent evaluation by our group of high know-how specialists and seasoned editors. This course of ensures the integrity, relevance, and worth of our content material for our readers.
