Crypto security losses fell sharply in May, dropping by nearly 90 percent from April, with CertiK reporting about $68.3 million in total confirmed losses, including roughly $66.6 million from exploits and $2.6 million from phishing.
CertiK said in a post on X that combined crypto security incidents in May resulted in roughly $68.3 million in losses, adding that May became the third month of 2026 in which losses stayed below $100 million, following what it described as a “particularly bad April.”
May losses retreat after April spike
The decline marks a sharp reversal from April, when CertiK’s data showed total confirmed losses reaching about $651 million. In May, exploit losses fell to about $66.6 million, while phishing losses dropped to around $2.6 million, down from $3.5 million in April.
CertiK recorded 60 incidents in May, compared with 62 in April, suggesting that the sharp drop in losses reflected fewer large-scale breaches rather than a major decline in attack activity.
Verus and THORchain lead major incidents
Verus topped CertiK’s list of May incidents with about $11.5 million in losses, followed by THORchain at roughly $10.1 million and TrustedVolumes at about $6.5 million.
Other major incidents included Victim 0x2cFED at about $5.9 million and Gravity Bridge at about $5.4 million. StableR, NewMarket Trading, TAC, D-Site and Hakerno RealSwap also appeared among the largest reported incidents, each with losses ranging from about $2.7 million to $3.5 million.
By category, code vulnerability was the largest source of losses in May, accounting for about $45.1 million. Wallet compromise followed at around $13.8 million, while validator compromise caused about $5.4 million in losses and phishing ranked fourth at about $2.7 million.
Bridge and DeFi attacks dominate
By incident type, bridge-related attacks caused the biggest losses in May, totaling about $28.6 million. DeFi incidents followed closely with about $23.9 million in losses, while meme token, exchange and unverified contract incidents made up smaller portions of the monthly total.
CertiK also reported about $9.4 million in returned funds during the month, reducing the net impact of some incidents.
Code flaws and wallet compromises remain costly threats
Even with the month-on-month decline, the figures show that code flaws, wallet compromises and bridge vulnerabilities remain among the most costly risks facing crypto projects.
Those risks extend beyond May’s total, with bridges still drawing attackers as they hold large pools of assets and depend on complex validation systems, while compromised keys can give attackers direct access to project-controlled wallets.
In April, Kelp DAO suffered what Halborn described as the largest DeFi hack of 2026 at the time, adding to concerns around cross-chain and protocol-level weaknesses.
In March, Resolv became a major wallet-control example after a compromised key allowed an attacker to mint unbacked USR and extract roughly $23 million.
The earlier $1.5 billion Bybit hack, which the FBI attributed to North Korean actors, also showed how wallet compromise can outweigh broader platform defenses when attackers gain control of wallet approvals.