Losses from crypto platform exploits and scams dropped sharply in May 2026, falling to $68.3 million — a 90% decline from April's staggering $650 million, according to blockchain security firm CertiK. The month marked the third time in 2026 that total losses remained under $100 million, with phishing contributing only $2.6 million.
April had been one of the worst months on record, driven by a $291 million exploit of Kelp DAO. May's highest single loss came from Verus Protocol's cross‑chain bridge, which lost $11.5 million on May 18, followed by a $10.1 million attack on THORChain. Together with incidents on TrustedVolumes ($6.58 million), a victim address ($5.94 million), and Gravity Bridge ($5.4 million), the top five exploits accounted for nearly half the monthly total.
Code vulnerabilities remained the primary attack vector, responsible for about $45 million (66%) of all losses. Wallet and private key compromises added $13.7 million. Cross‑chain bridges were the most targeted category, making up $28.6 million (42%) of losses, highlighting persistent weaknesses in bridge security.
CertiK recorded 60 separate incidents in May, the highest monthly count of 2026, though the total value was relatively low. Recovered funds reached $9.38 million, a recovery rate of roughly 13.7%, continuing a trend of partial fund recovery seen earlier in the year.
Despite the encouraging decline, security researchers stressed that cross‑chain bridges and private key management remain critical concerns heading into the second half of 2026.
