Catenaa, Saturday, June 06, 2026- Cryptocurrency exploit losses dropped to roughly $68 million in May, sharply lower than April’s $650 million total, though blockchain security firms warned that evolving attack methods continue threatening decentralized finance infrastructure.
Data released by security company CertiK showed code vulnerabilities accounted for nearly two-thirds of May’s total losses, representing about $45 million stolen through smart contract flaws and protocol weaknesses.
Cross-chain bridges remained the largest attack target, responsible for roughly 42% of total losses during the month.
The biggest single incident involved Verus Protocol, which lost about $11.5 million through a bridge exploit on May 18.
THORChain suffered another major attack after hackers drained approximately $10 million, temporarily forcing the protocol to halt trading activity.
Cross-chain bridge infrastructure has become one of the most vulnerable sectors within decentralized finance because it connects multiple blockchain ecosystems and often holds large pools of locked assets.
Wallet and private key compromises ranked as the second-largest source of losses in May, accounting for nearly $13.7 million across several incidents.
DeFiLlama data identified nearly 30 separate security incidents during the month, including seven involving compromised private keys.
Additional attacks targeted Alephium Bridge and Gravity Bridge near the end of May, resulting in combined losses exceeding $6 million.
Despite the lower monthly losses, analysts warned the crypto industry continues facing rapidly evolving cybersecurity threats.
Security researchers identified a growing trend involving artificial intelligence-assisted malware targeting crypto developers and AI-powered coding tools.
Attackers increasingly attempt to manipulate AI coding assistants and inject malicious instructions into developer environments.
Analysts said the emergence of AI-assisted exploits significantly expands the potential attack surface for blockchain infrastructure and decentralized applications.
Meanwhile, phishing-related losses remained relatively limited in May at roughly $2.6 million.
CertiK researchers noted May became the third month of 2026 where exploit losses remained below the $100 million threshold.
However, analysts warned lower losses do not necessarily indicate improving long-term security conditions.
Bridge vulnerabilities and smart contract weaknesses continue representing the dominant risks facing decentralized finance protocols.
Industry observers said rising AI-driven attack methods may soon create more sophisticated automated exploit campaigns against crypto infrastructure.
Crypto exploit losses surged dramatically throughout 2025 and early 2026 following several record-breaking attacks against exchanges, bridges and DeFi protocols.
One of the largest recent incidents involved Kelp DAO, which suffered losses exceeding $290 million during an exploit earlier this year.
The broader industry is increasingly debating whether existing DeFi security models can withstand more advanced AI-driven hacking techniques and escalating infrastructure complexity.
Crypto exploit losses fell sharply in May, but growing AI-assisted malware and continued bridge attacks kept DeFi security risks elevated.
