Crypto exploit losses fall to 68 million dollars during May

Losses linked to vulnerabilities in cryptocurrency platforms fell to 68.3 million dollars during May 2026, a contraction of almost 90% compared to the 650 million dollars recorded during April. The consolidated data comes from the blockchain security firm CertiK, which detailed the incidents in a CertiKAlert security report published on Sunday, May 31, 2026. This total makes May the third month of the current year in which illicit extractions stayed below the 100 million dollar mark.
Combining all the incidents in May we’ve confirmed ~$68.3M lost to exploits with ~$2.6M of the total attributed to phishing. After a particularly bad April, May is now the third month of 2026 to record losses under 100M$.
More details below 👇 pic.twitter.com/GSWTLKXWDH
— CertiK Alert (@CertiKAlert) May 31, 2026
The decrease between April and May reflects the absence of unusually large incidents during the fifth month of the year. April accumulated the highest monthly losses documented since March 2022, excluding the 1.5 billion dollar hack suffered by the Bybit exchange in February 2025.
The anomalous April volume was concentrated mainly in the Kelp DAO exploit, an event that alone resulted in the extraction of 291 million dollars. In direct contrast, the largest single incident in May affected the Verus Protocol cross-chain bridge on May 18, where attackers managed to drain 11.5 million dollars from the project’s infrastructure.
The second highest economic impact event during May involved a security breach on THORChain, where on-chain monitors detected an unauthorized extraction of 10.1 million dollars in the middle of the month. Cross-chain bridges, whose technical architecture facilitates the transfer of digital assets between independent blockchain networks, remained the infrastructure component most attacked by malicious actors.
In total, these bridge platforms accumulated combined losses of 28.6 million dollars, a figure equivalent to 42% of the total stolen funds in the evaluated period. Operational protocols within decentralized finance occupied the second place in terms of extracted capital volume.
Analysis of the attack vectors used throughout the month indicates that vulnerabilities at the smart contract and underlying code level generated the greatest financial impact for the ecosystem. This class of flaw facilitated the theft of 45 million dollars across multiple platforms, constituting approximately 66% of the total losses recorded in May. The second most costly cause for platform operators and liquidity providers was the direct compromise of private keys and protocol administration wallets.
An independent record based on DeFiLlama hack data counts a total of 29 confirmed security incidents throughout the month of May. Of these, at least seven breaches were explicitly linked to developers losing control of private keys.
The reports issued in the final days of the month included the extraction of funds from the Alephium Bridge and Gravity Bridge platforms on May 30, with consolidated losses of 815,000 dollars and 5.4 million dollars respectively, both originating from the leakage of essential administrative access.
The exposure of credentials and recovery seeds also affected platforms focused on prediction markets, as evidenced by the loss of access to private keys on Polymarket. The recurrence of key infrastructure compromise across multiple protocols exposes flaws in institutional custody processes. Additionally, during the analyzed month, targeted phishing attacks or identity spoofing campaigns resulted in the direct theft of 2.6 million dollars originating from the personal wallets of individual investors and market operators.
An emerging risk vector documented in the month’s security reports involves the distribution of malicious software developed with the assistance of artificial intelligence. Various malicious actors aimed these attack campaigns at programmers within the cryptocurrency ecosystem and at developers specialized in artificial intelligence tools.
The detected operational tactic consisted of compromising public source code repositories and manipulating programming assistants based on language models to introduce subtle vulnerabilities directly into development environments before the code was deployed to the respective main networks.
Despite the pace of illicit extractions executed against decentralized infrastructure, the recovery metrics showed partial returns of capital. During the course of the 31 days of May, cybersecurity teams and affected protocol operators managed to recover 9.4 million dollars of the stolen funds. Forensic firms and on-chain analysts continue tracking the movement of assets transferred from the vulnerable bridges toward transaction mixers, pending the publication of the post-mortem reports for the incidents that occurred on May 30.