By Francisca Anuforo
Losses from cryptocurrency hacks and blockchain exploits declined sharply in May 2026, dropping nearly 90 per cent to $68.3 million, according to new data released by blockchain security firm CertiK.
The decline follows a turbulent April in which more than $650 million was lost across Web3 protocols, including a major $291 million exploit involving Kelp DAO.
While the May figures may offer temporary relief to the crypto industry, analysts caution that the reduction does not necessarily signal a permanent improvement in blockchain security.
CertiK’s report shows that May became the third month in 2026 in which total crypto exploit losses remained below the $100 million mark.
Part of the recovery was aided by successful asset retrieval efforts, with approximately $9.4 million of stolen funds either recovered or returned through white-hat interventions, negotiations and rapid asset freezing mechanisms.
Phishing-related attacks, which historically account for significant losses in the digital asset ecosystem, were also relatively subdued, contributing only about $2.6 million to total losses.
Despite the lower headline figures, deeper vulnerabilities within decentralised finance (DeFi) infrastructure remain largely unresolved.
Cross-chain bridges once again emerged as the weakest link in the blockchain ecosystem, accounting for roughly $28.6 million, or 42 per cent, of May’s total losses.
The largest single exploit during the month targeted the Verus Protocol cross-chain bridge, resulting in losses of approximately $11.5 million on May 18.
Another major breach involved THORChain, where hackers reportedly drained about $10.1 million.
According to CertiK, code vulnerabilities remained the dominant attack vector, accounting for nearly two-thirds of all recorded losses, estimated at roughly $45 million.
Separate data from DeFiLlama identified 29 distinct security incidents during May, including seven cases linked to compromised private keys and wallet security failures.
Among these were attacks on Gravity Bridge, which reportedly lost about $5.4 million, and Alephium Bridge, where approximately $815,000 was stolen.
Industry analysts argue that the persistence of these attack patterns suggests blockchain security challenges remain deeply structural rather than temporary.
Rather than indicating that hackers are losing momentum, some experts believe May’s decline may reflect a period of tactical regrouping among sophisticated cybercriminal groups.
Security researchers note that advanced threat actors, including state-linked cybercrime groups, often operate in cycles—pausing large-scale attacks while identifying new vulnerabilities, rebuilding exploit tools and monitoring liquidity conditions within decentralised ecosystems.
There are also growing concerns around the use of generative artificial intelligence in cyberattacks.
Security analysts have reported increased attempts by attackers to compromise software repositories and manipulate AI-assisted coding systems to embed hidden vulnerabilities into emerging blockchain protocols.
The strategy reflects a longer-term approach to infiltration rather than immediate financial extraction.
Market conditions may also be influencing attack patterns.
Following April’s large-scale losses, some institutional and retail crypto investors reportedly reduced exposure to decentralised finance platforms, temporarily lowering the value of assets available for exploitation.
Experts warn that reduced hacker activity should therefore be viewed cautiously.
The report stresses that operational resilience in the blockchain industry requires continuous auditing, stronger infrastructure design and reduced dependence on centralised security structures such as multi-signature arrangements.
While May’s numbers suggest a temporary easing in exploit activity, analysts maintain that the broader cybersecurity risks facing decentralised finance remain significant.
For crypto platforms and investors, the message is clear: lower losses do not necessarily mean lower risk.
