Cryptocurrency Theft Sees Sharpest Decline in Years, Dropping to $68.3 Million in May.

The cryptocurrency landscape witnessed a significant downturn in security-related losses in May, with a total of $68.3 million in losses reported, according to a recent analysis by CertiK, a renowned blockchain security firm. This substantial decline represents a 90% drop from the staggering $650 million lost in April, which had marked one of the most severe monthly records for the industry. The recent figures, published by CertiK on May 31, 2026, indicate that May is the third consecutive month in 2026 where losses have remained below the $100 million threshold.

A closer examination of the incidents in May reveals that phishing schemes accounted for a relatively minor $2.6 million of the total losses. However, security efforts yielded a notable recovery of approximately $9.4 million in stolen cryptocurrency, which was either repatriated or voluntarily returned. The most significant security breach occurred on May 18, when the cross-chain bridge infrastructure of Verus Protocol was compromised, resulting in $11.5 million in stolen assets. THORChain suffered the second-largest incident, with attackers extracting $10.1 million during a mid-May security breach.

Cross-chain bridge platforms emerged as the most vulnerable infrastructure type, accumulating $28.6 million in losses, which constitutes 42% of the total damages incurred in May. Programming vulnerabilities were identified as the primary cause of losses, with defective code implementations accounting for approximately $45 million, or 66% of the aggregate losses. Wallet breaches and private key compromises ranked second among attack vectors, resulting in $13.7 million in stolen funds.

DeFiLlama's tracking data reveals that May witnessed 29 distinct security incidents, with private key compromises implicated in seven separate attacks. The month concluded with two notable incidents reported on May 30, affecting both Alephium Bridge and Gravity Bridge platforms, resulting in losses of $815,000 and $5.4 million, respectively. Both breaches were attributed to compromised private key security.

CertiK's analysis also highlights an emerging trend involving the deployment of AI-enhanced malware throughout May. Threat actors targeted cryptocurrency and artificial intelligence developers by compromising code repositories and manipulating AI-powered coding assistants to execute malicious operations. Despite the improved figures compared to April, cybersecurity experts stress that cross-chain bridge infrastructure and private key management protocols remain significant vulnerability areas that require attention throughout the remainder of 2026.