Security data shows that losses from attacks and vulnerabilities in the crypto industry declined significantly in May, a substantial decrease compared to the previous month. However, cross-chain bridges and protocol code flaws remained the primary sources of risk that month, indicating that the security pressures on on-chain infrastructure have not subsided.

Losses fell below $100 million in May.

CertiK data shows that crypto-related losses fell below $100 million in May. This marks the third month in 2026 that losses have fallen below this level. Meanwhile, approximately $9.4 million of stolen funds were subsequently recovered or returned, further mitigating the actual financial impact.

DeFiLlama records show that there were 29 separate security incidents in May. Among them, phishing attacks caused losses of approximately $2.6 million.

Verus and THORChain suffered the largest losses.

The two largest incidents of the month occurred at Verus Protocol and THORChain. Verus Protocol suffered a loss of approximately $11.5 million due to an attack on its cross-chain bridge, while THORChain suffered an attack in mid-May, resulting in a loss of approximately $10.1 million.

Two more cross-chain-related incidents occurred at the end of May. Alephium Bridge suffered a loss of approximately $815,000, and Gravity Bridge suffered a loss of approximately $5.4 million. Both incidents were related to compromised private keys.

Code vulnerabilities account for about two-thirds of the losses.

In terms of causes, code vulnerabilities remain the most significant security weakness. Losses due to flaws in smart contract code and protocol implementation amounted to approximately $45 million, accounting for about 66% of total losses in May. Wallet and private key leaks were the second leading cause, resulting in losses of approximately $13.7 million.

Cross-chain bridges were the most concentrated target of attacks, accounting for approximately $28.6 million in losses that month, or about 42% of total losses. Decentralized finance protocols were the second most attacked category.

It reached a high level in recent years in April.

This decline occurred after the industry experienced a series of months of high losses. The report noted that, excluding the approximately $1.5 billion theft from Bybit in February 2025, April 2026 would be one of the most loss-making months since March 2022. The Kelp DAO attack, amounting to approximately $291 million, was a significant contributor to the high losses in April.

Researchers also noted an increase in malware threats developed using AI tools. During May, attackers began targeting crypto developers and AI engineers, including methods such as compromising software code repositories and manipulating AI coding assistants.