Crypto exploit losses in May drop 90% to $68M: CertiK
Crypto exploit losses fell to $68 million in May, down about 90% from April’s $650 million, according to CertiK. That sounds like relief, and in one narrow sense it is. But traders should not treat security losses as post-incident cleanup. They move DeFi risk premiums, drain or freeze bridge liquidity, and change how investors price ETH-linked protocols after every exploit cycle. May’s $68.3 million total looks better. Not clean. Better.

CertiK said crypto platforms lost $68.3 million to exploits in May, almost 90% less than in April. In a Sunday post on X, CertiK wrote, “After a particularly bad April, May is now the third month of 2026 to record losses under [$100 million].” Phishing attacks accounted for about $2.6 million, while about $9.4 million was recovered or returned. I’ll be honest: that recovery number is useful, but it can make the month look tidier than it was. Attackers still got into bridges, wallets, and DeFi code.
The April comparison matters because April was ugly. Excluding the $1.5 billion Bybit hack in February 2025, it had the highest monthly losses since March 2022, mostly because of the $291 million Kelp DAO exploit. May looked calmer because the largest individual hit was smaller: Verus Protocol’s cross-chain bridge lost $11.5 million on May 18, and THORChain lost $10.1 million in a mid-May exploit. Is that enough to call May healthy? No. Smaller monthly totals still hurt when the losses land on infrastructure traders actually use.
The market impact starts with ETH, whether or not every exploit is “an Ethereum problem” in the strict technical sense. DeFi and bridges still sit close to Ethereum’s risk story, even when an exploit touches several chains. For context, BTC was listed at $66,699 on March 31, 2026, after a Q1 performance of -24%. ETH was listed at $2,024 after a Q1 performance of -32%. That gap matters. My take: when ETH is already trailing BTC, another month of bridge and DeFi failures gives allocators a simple reason to demand a bigger discount for smart contract risk, even if losses fall below $100 million.
Code vulnerabilities caused the largest share of May’s losses: about 66% of the total, or roughly $45 million. Wallet and private key compromises came next, with $13.7 million stolen. That split is not cosmetic. Code risk pressures protocol tokens because it raises questions about audit quality and upgrade controls. Private key risk hits custody assumptions, especially for bridges and smaller DeFi teams. Cross-chain bridges took the worst damage, with $28.6 million lost, or 42% of the monthly total. DeFi protocols followed.
Most security writeups say bridges make liquidity more efficient. That’s only half right. Bridges are meant to move liquidity more easily, but portability comes with a security bill, and users keep paying it. BTC can sit outside that stack and still catch risk-off flows when DeFi confidence weakens. ETH does not get the same distance from the application layer built around it. For context, XRP was listed at $1.32 on March 31, 2026, after a Q1 performance of -29%, SOL at $82.44 after -34%, and TRON at $0.32 after 12%. Those numbers help explain why security headlines hit harder when altcoin beta is already shaky.
The regulation angle is blunt. CertiK’s May data gives agencies and lawmakers a simple line: even in a better month, crypto platforms still lost $68.3 million. DeFiLlama tracked 29 incidents, including seven tied to compromised private keys. That does not mean the SEC or CFTC will act against any specific protocol mentioned here. It does mean exchange operators, listed crypto equities such as COIN, and staking or DeFi access products will get more questions about disclosures, custody controls, incident response, and bridge exposure.
The last two incidents reported on May 30 were Alephium Bridge and Gravity Bridge. Alephium Bridge was hit for $815,000. Gravity Bridge lost $5.4 million. Both were tied to compromised private keys. Bad timing. For anyone hoping June would start with a cleaner tape, the month begins with bridge risk still sitting in users’ minds. The source also said AI-assisted malware rose in May, with attackers targeting crypto and AI developers through compromised code repositories and attempts to trick AI coding assistants.
CertiK’s own comment treats May as relief after April, not a win. That distinction matters. Counter to the usual advice, I would not focus only on the month-over-month drop. May was the third month of 2026 with losses under $100 million, but April’s $650 million hit and the $291 million Kelp DAO exploit are still recent enough to affect positioning. Traders do not need panic to change behavior. They need repeated proof that weak code, weak key management, and bridge exposure can become real losses fast.
What this means
May’s $68.3 million loss figure is a clear drop from April’s $650 million shock, but the details still point to real risk in DeFi and cross-chain infrastructure. ETH-linked protocols remain exposed to the perception trade. BTC can benefit when investors separate base-layer store-of-value exposure from smart contract and bridge risk. Yes, this sounds like it contradicts the calmer headline. It doesn’t. The pressure is not limited to one token; it hangs around bridge protocols, THORChain after its $10.1 million exploit, Verus Protocol after the $11.5 million May 18 exploit, and any DeFi token that depends on cross-chain liquidity.
Watch June bridge incident data first. Then watch the next CME BTC and ETH futures positioning reports for signs that traders are cutting altcoin beta while keeping BTC exposure. The clean market reference from recent context is BTC near $66,699 and ETH near $2,024 on March 31, 2026. Why does this matter? Because if ETH keeps underperforming BTC after the May 30 Alephium Bridge and Gravity Bridge incidents, security risk may be starting to affect allocation decisions. The next thing to watch is the follow-through from May 30 into early June, when traders will find out whether private key compromises were isolated hits or the start of the month’s main security story.
