Bitcoinist
January 6, 2026 9:00 PM UTC

Crypto Exploit Losses Reach $68 Million In May Despite Limited Phishing Damage

Code vulnerabilities were responsible for the bulk of the damage in May — roughly 66% of the month’s total losses, or about $45 million. That breakdown, drawn from data released by blockchain security firm CertiK, came alongside broader figures showing that overall crypto exploit losses fell to $68 million last month, down sharply from $650 million in April. Where The Losses Came From Cross-chain bridges took the heaviest hit by category, accounting for 42% of total losses, or $28.6 million. The biggest single incident was an exploit of Verus Protocol’s cross-chain bridge on May 18, which drained $11.5 million. THORChain was next, losing $10 million after an attack in mid-May forced the protocol to halt trading. Wallet and private key compromises ranked second in terms of dollar damage, with $13.7 million stolen through that method. DeFiLlama data counted nearly 30 separate incidents in May, seven of which involved compromised private keys. The final two reported incidents came on May 30 — the Alephium Bridge and Gravity Bridge were each hit, losing $815,000 and $5.4 million respectively. #CertiKStatsAlert Combining all the incidents in May we’ve confirmed ~$68.3M lost to exploits with~$2.6M of the total attributed to phishing. After a particularly bad April, May is now the third month of 2026 to record losses under 100M$. More details below pic.twitter.com/GSWTLKXWDH — CertiK Alert (@CertiKAlert) May 31, 2026 Crypto: A New Threat Takes Shape Phishing attacks were comparatively minor, responsible for just $2.6 million of the month’s losses. About $9.4 million was recovered or returned during the period. CertiK noted that May marks the third month of 2026 in which total losses stayed below $100 million. April’s toll, by contrast, was the worst since March 2022 if the $1.5 billion Bybit hack in February 2025 is set aside. A single exploit of Kelp DAO that month accounted for $291 million of the damage. AI-Assisted Malware On The Rise A separate but growing threat emerged in May as bad actors began using artificial intelligence to develop malware aimed at crypto and AI developers. Attacks targeted code repositories and attempted to trick AI-powered coding assistants into executing malicious actions — a tactic that broadens the attack surface beyond traditional smart contract flaws. May’s relatively lower losses do not mean the threat has passed. Bridges and code vulnerabilities remain the two most exploited areas in the space, and the introduction of AI-assisted attack tools signals that the methods being used against the industry are still changing. Featured image from Unsplash, chart from TradingView