Crypto hack losses drop 90% to $68.3M in May, CertiK says

CertiK reported that crypto losses from hacks and exploits fell to $68.3 million in May, about 90% lower than the estimated $650 million stolen in April.

Summary

  • Crypto losses fell to $68.3 million in May, about 90% lower than the roughly $650 million recorded in April, according to CertiK.
  • Verus Protocol and THORChain experienced two of the biggest exploits of the month, with combined losses exceeding $21 million.
  • CertiK reported an increase in AI-assisted malware activity as attackers targeted code repositories and AI coding tools.

According to blockchain security firm CertiK, May was the third month of 2026 to record less than $100 million in crypto-related losses after attackers stole $68.3 million through exploits, scams, and security breaches.

This figure comes after a difficult April, when losses reached almost $650 million. CertiK noted that, with the exception of the $1.5 billion Bybit hack in February 2025, April recorded the largest monthly loss since March 2022. The $291 million exploit targeting Kelp DAO was the largest incident that month.

Although losses decreased significantly in May, several major attacks still hit the sector. Data from CertiK shows that an exploit targeting the Verus Protocol bridge on May 18 caused a loss of $11.5 million, making it the largest incident of the month. The attack on THORChain followed, with about $10.1 million stolen from the protocol.

A breakdown of the data shows that code vulnerabilities remain the most expensive attack vector. CertiK reported that errors in protocol code accounted for approximately $45 million in losses, or approximately 66% of the month’s total. Wallet and private key compromises ranked second, with attackers stealing $13.7 million in those incidents.

Cross-chain infrastructure continued to attract significant attention from attackers. According to CertiK, bridge exploits caused losses of $28.6 million in May, or about 42% of the total for the month, which puts bridges ahead of decentralized finance protocols among the most targeted sectors.

Data from DeFiLlama recorded 29 security incidents during the month, including seven cases involving compromised private keys.

Among the most recent attacks were exploits affecting the Alephium Bridge and the Gravity Bridge on May 30. The data shows that the incidents resulted in losses of approximately $815,000 and $5.4 million, respectively, after the attackers gained access to private keys.

AI-powered attacks add to security concerns

Even though total losses have decreased, security researchers continue to warn about changes in attackers’ tactics.

In April, CertiK’s senior blockchain investigator Natalie Newson warned that threat actors are increasingly combining social engineering, phishing campaigns, supply chain compromise, and cross-chain vulnerabilities to execute large-scale attacks. Newson also warned that artificial intelligence tools are making cybercriminal activities more sophisticated and easier to scale.

CertiK’s latest findings suggest the trend is continuing. The company reported that AI-assisted malware activity increased in May, with attackers targeting both crypto developers and AI developers by compromising code repositories and manipulating AI code assistants.

Newson previously said that tools capable of creating virtual deepfakes, autonomous attack agents, and software capable of identifying vulnerabilities and generating exploit code are becoming increasingly accessible.

According to CertiK, such capabilities add new vulnerabilities at a time when attackers are already exploiting weaknesses in cross-chain systems and private key management.

In the meantime, CertiK advises users to stay alert to phishing attempts, verify the authenticity of websites and smart contracts, and consider using cold wallets to minimize the exposure of private keys during daily operations.


