May 2026 Hack Recap: $68M Lost as Bridges and Keys Replace Code Bugs ## TL;DR May 2026 was a sharp reversal from April's record carnage. Total losses landed around $68 million, roughly a 90% drop from April's $651 million and the third month of 2026 to finish under $100 million. There was no single mega-hack this time. Instead, the damage was spread across more than 40 incidents clustered between $5 million and $15 million. The standout pattern: most of the dollar losses came from infrastructure and key management failures, not classic smart contract bugs. Cross-chain bridges alone accounted for roughly $33 million. The largest clean thefts were the Verus-Ethereum bridge ($11.6M), THORChain's vault signing breach ($10.7M), and the TrustedVolumes RFQ exploit ($6.7M). Several teams negotiated meaningful recoveries, with about $9.4 million returned across the month. The lessons are sharper than the headlines: old code left live, single keys with too much power, and bridges that verify proofs but not value. [Get your smart contracts audited before you become next month's headline →](https://app.cecuro.ai/auth?mode=signup) --- ## The Numbers That Define May 2026 After April set the all-time record for crypto theft, May looked almost calm by comparison. Almost. Industry trackers placed May's total losses between roughly $68 million and $84 million, depending on how many small incidents each dataset includes. The most widely cited figure is about $68.3 million, with around $2.6 million of that attributed to phishing. By any measure, that is a roughly 90% decline from April's $651 million, and it marks the third month of 2026 to close under $100 million. The drop is real, but it is mostly the absence of a single catastrophe. April's total was dominated by two nine-figure attacks. May had none. What it had instead was volume: more than 40 separate incidents, with the top of the table clustered tightly between $5 million and $15 million. The largest single event by tokens moved was the Superfortune AI exploit, where attackers minted about $15.18 million in value, though only a fraction was realized before the token collapsed. The more interesting story is in the composition of the losses. In April, social engineering and bridge compromise drove the headlines. In May, the center of gravity shifted to infrastructure and key management. Some trackers attribute as much as 63% of the month's losses to infrastructure-layer attacks rather than smart contract code, with cross-chain bridges responsible for roughly $33 million across eight separate incidents. Bridges have now accounted for more than $328 million in losses across 2026 alone. There was also a notable thread of recovery. Several exploited teams opened negotiations with attackers and recovered significant funds, with roughly $9.4 million returned or frozen over the course of the month. That does not undo the damage, but it is a meaningful shift from the smash-and-launder pattern of previous years. These numbers tell a clear story. The mega-hacks grab attention, but the slow, persistent drain of bridge flaws, abandoned contracts, and over-privileged keys is what defines a normal month in DeFi. --- ## The Big Three: Bridges and Vault Cryptography Three exploits stood out in May, not because they were the largest by every measure, but because each represents a clean, well-documented failure that every protocol team should study. Together they cost roughly $29 million. ### Verus-Ethereum Bridge: $11.6 Million (May 18) **Attack type:** Cross-chain message verification flaw (input/output value mismatch) The single largest clean theft of the month hit the Verus-Ethereum bridge in the early hours of May 18. The attacker drained 1,625 ETH, 103.6 tBTC, and 147,000 USDC, then swapped everything into roughly 5,402 ETH, worth about $11.6 million at the time. **How it happened:** The Verus bridge let users move assets between the Verus chain and Ethereum. To do that, it relied on a transfer "blob" that carried a state root, a Merkle proof, and the transfer instructions. On the Verus side, notaries signed off on the blob. On the Ethereum side, a function called `submitImports` verified the notary signatures, confirmed the blob hash, and released the corresponding assets. Every cryptographic check passed exactly as designed. The problem was what the code never checked. The attacker submitted a blob whose inputs on the Verus side were worth about one cent, but whose payout instructions on the Ethereum side demanded $11.6 million. Because the signatures were valid and the structure was well formed, the notaries signed it and the Ethereum contract paid it out. The verification logic confirmed that the message was authentic, but it never confirmed that the amount being released matched the amount that had actually been locked. This is the same class of flaw that drained Wormhole and Nomad in 2022: the bridge validated authenticity, not conservation of value. **The aftermath:** The Verus network halted as block-producing nodes took themselves offline, and the bridge was suspended pending a review of its verification logic. In an unusual turn, the team negotiated directly with the attacker, offering a bounty in exchange for the bulk of the funds. The attacker accepted, returning 4,052 ETH (about $8.5 million) and keeping 1,350 ETH (about $2.8 million) as the agreed bounty. On-chain analysts confirmed that roughly 75% of the stolen value was recovered. **The code pattern that enabled this:** ```solidity // VULNERABLE: the bridge verifies the proof is authentic, // but never verifies that payouts match locked inputs function submitImports( bytes calldata blob, bytes calldata signatures ) external { require(verifyNotarySignatures(blob, signatures), "Bad signatures"); require(keccak256(blob) == storedStateRoot, "Bad state root"); Transfer[] memory transfers = decodeTransfers(blob); // No comparison of source-chain inputs to destination payouts. // A blob worth $0.01 of inputs can instruct an $11.6M payout. for (uint256 i = 0; i < transfers.length; i++) { _release(transfers[i].token, transfers[i].to, transfers[i].amount); } } ``` What it should look like: ```solidity // HARDENED: enforce conservation of value plus a rate limit function submitImports( bytes calldata blob, bytes calldata signatures ) external { require(verifyNotarySignatures(blob, signatures), "Bad signatures"); require(keccak256(blob) == storedStateRoot, "Bad state root"); (Transfer[] memory transfers, uint256 declaredInputValue) = decodeTransfers(blob); // The core invariant: you cannot withdraw more than was locked. uint256 totalPayout; for (uint256 i = 0; i < transfers.length; i++) { totalPayout += _toCommonUnit(transfers[i].token, transfers[i].amount); } require(totalPayout <= declaredInputValue, "Value mismatch"); // Defense in depth: cap how much can leave per day. require(dailyBridged + totalPayout <= dailyBridgeCap, "Cap exceeded"); dailyBridged += totalPayout; for (uint256 i = 0; i < transfers.length; i++) { _release(transfers[i].token, transfers[i].to, transfers[i].amount); } } ``` **Key lesson:** A bridge that proves a message is authentic has done only half the job. It must also prove that value is conserved across the crossing. The single most important invariant in any bridge is that you cannot withdraw more on one chain than was locked on the other. Pair that check with a daily volume cap so that even a logic gap cannot drain the whole treasury in one transaction. --- ### THORChain: $10.7 Million (May 15) **Attack type:** Threshold signature scheme compromise via a malicious validator node The THORChain exploit was the most technically unusual of the month. It was not a Solidity bug, a router flaw, or a frontend compromise. It was an attack on the cryptography that protects THORChain's protocol-owned vaults. Losses came to roughly $10.7 million, drawn from Bitcoin, Ethereum, BNB Chain, and Base. Critically, only protocol-owned funds were affected. No individual user's swap was touched. **How it happened:** THORChain secures its vaults with a Threshold Signature Scheme (TSS), where a group of validator nodes jointly hold a private key. No single node ever sees the full key. Signing requires a quorum to cooperate, which is what makes the design attractive: compromising one node should not be enough. The attacker exploited a known weakness in the GG18/GG20 family of threshold signing protocols. They funded and bonded a validator node weeks in advance, using laundered funds to stay quiet, then waited for it to "churn" into the active signing set. Once inside, the malicious node sent malformed cryptographic proofs during the signing rounds. In this class of attack, a single dishonest participant can gradually leak the other parties' key shares over repeated rounds, eventually reconstructing the full vault key offline. With the key rebuilt, the attacker swept the vaults in one coordinated move. This is the same family of vulnerability that researchers had flagged in threshold signing implementations years earlier. **The aftermath:** Automated safeguards detected the irregular activity within minutes and halted all trading and signing for roughly 12 to 13 hours. The malicious node's bonded stake was slashed. The team paused churn, delayed chain onboarding, and discussed covering the losses through protocol-owned liquidity rather than minting new tokens. The RUNE token fell about 12% on the news. **The pattern that enabled this:** Threshold signing is not Solidity, so the lesson is conceptual rather than a single function. But the failure mode is concrete: ```text // CONCEPTUAL: threshold signing is only as safe as its // weakest co-signer // In GG18 / GG20, a single malicious participant who sends // malformed proofs during key generation or signing can leak // the honest parties' key shares across repeated rounds, then // reconstruct the full private key offline. // Two failures compounded here: // 1. The signing protocol did not reject malformed proofs // with an identifiable abort that names the bad actor. // 2. A freshly bonded node could enter the active signing // set quickly, with no extended probation before it // participated in real signing rounds. ``` **Key lesson:** Multi-party cryptography removes the single-key risk but introduces a new one: a dishonest insider in the signing set. Any TSS deployment needs an implementation that performs identifiable abort (rejecting and naming any participant who submits a malformed proof), a meaningful bonding and probation delay before a new node can sign over real funds, and periodic key-share refresh so that slowly leaked shares expire before they can be assembled. Decentralized signing is a security upgrade only when the protocol assumes some of its own signers may be malicious. --- ### TrustedVolumes: $6.7 Million (May 7) **Attack type:** Missing access control plus broken replay protection On May 7, attackers drained about $6.7 million from TrustedVolumes, a market maker operating custom request-for-quote (RFQ) swap infrastructure. The loss included 1,291 WETH, 16.9 WBTC, and more than 1.4 million in USDT and USDC, pulled across roughly 85 transactions on Ethereum. It is worth being precise here: the flaw was entirely in TrustedVolumes' own RFQ proxy. The DEX aggregator it integrated with was not compromised, and its users were unaffected. **How it happened:** Three bugs chained together. First, the function that registered approved order signers had no access control at all. The attacker simply deployed a contract whose constructor called `registerAllowedOrderSigner` and added their own address as a valid signer. Second, the authorization check keyed on one field of the order (the receiver) while the funds were pulled from a different field (the inventory), and both were attacker-controlled. That let the attacker authorize an order with their own receiver while draining the TrustedVolumes vault as the funding source. Third, the replay protection read order-fill status from a different storage slot than the one it wrote to, so orders were never marked as consumed and could be filled repeatedly. On-chain analysts later linked the attacker's wallet to a 2025 exploit of a separate market maker, suggesting the same operator returning to a familiar playbook. **The code pattern that enabled this:** ```solidity // VULNERABLE: anyone can register as a signer, authorization // checks the wrong account, and replay protection is broken function registerAllowedOrderSigner(address signer, bool allowed) external { allowedSigners[signer] = allowed; // no access control } function fillOrder(Order calldata order, bytes calldata sig) external { address signer = recover(order, sig); require(allowedSigners[signer], "Bad signer"); // Authorization is keyed on order.receiver, but funds are pulled // from order.inventory. Both are attacker-controlled. require(!filled[wrongSlot(order)], "Already filled"); // wrong slot _pull(order.inventory, order.amount); // drains the victim vault _send(order.receiver, order.amount); // sends to the attacker } ``` What it should look like: ```solidity // HARDENED: restrict registration, bind authorization to the // account whose funds move, and consume the slot you check function registerAllowedOrderSigner(address signer, bool allowed) external onlyOwner { allowedSigners[signer] = allowed; } function fillOrder(Order calldata order, bytes calldata sig) external { address signer = recover(order, sig); require(allowedSigners[signer], "Bad signer"); // The signer must be authorized for the exact account funding the swap. require(signerForInventory[order.inventory] == signer, "Unauthorized"); bytes32 id = keccak256(abi.encode(order)); require(!consumed[id], "Already filled"); consumed[id] = true; // write the same slot you read _pull(order.inventory, order.amount); _send(order.receiver, order.amount); } ``` **Key lesson:** Three small oversights became a $6.7 million loss. Every state-changing function that touches funds or permissions needs an explicit access modifier, authorization must be bound to the account whose assets actually move (not a sibling field an attacker can set freely), and replay protection only works if you write to the exact slot you read. None of these are exotic. They are the kind of issues a thorough review catches before deployment. --- ## The Middle Tier: $2.8M to $15M Exploits Below the big three, May produced a dense band of incidents in the low-to-mid millions, dominated by key compromise and abandoned code. **Superfortune AI ($15.18M, May 27):** The month's largest event by value moved. Attackers redirected an airdrop transfer to a lookalike destination address despite anti-poisoning controls, minting about $15.18 million in $GUA value. Only a fraction was realized before the token fell roughly 60%. The pattern points to compromised tooling or a multisig workflow rather than a contract bug, which is exactly why the realized loss was far below the headline number. **DxSale ($7.3M, May 28):** A reminder that immutable does not mean forgotten. Ownership of liquidity-locker contracts deployed back in 2021 had been silently transferred months earlier through a chain of roughly 80 wallets. The attacker then backdated unlock timestamps, zeroed fees, and batch-drained around 1,400 liquidity positions. On-chain patterns led some analysts to suspect insider involvement, though that remains unconfirmed. **Gravity Bridge ($5.4M, May 30):** Another bridge, another key. The attacker obtained enough valid validator signing keys to authorize forged withdrawals of USDC, ETH, and other assets. The bridge was halted, but the attacker still held roughly 2,100 ETH afterward, with some funds already laundered through swap services. **StablR ($2.8M headline, May 23):** A compromised minting key let the attacker add themselves as an admin, replace the existing owners, and mint roughly 13.5 million in unbacked USDR and EURR stablecoins before dumping them. Both tokens depegged, and minting and redemption were frozen. The realized loss was around $2.8 million even though the minted total was far higher. **TAC Protocol ($2.8M, May 12):** A logic error in a TON-to-EVM Jetton bridge path let the attacker drain an amount roughly equal to the protocol's entire TVL. This one ended well. The incident was reclassified as a white-hat event after 90% of the funds were returned within two days, with the researcher keeping 10% as a bounty. **RetoSwap ($2.7M, May 20):** A Monero-based DEX built on the Haveno protocol lost roughly 7,000 XMR when an attacker spoofed an out-of-order acknowledgment message to impersonate the arbitrator, then registered their own key as a second multisig signer to redirect deposited funds. Because the assets were in Monero, they are effectively untraceable and unrecoverable. **Transit Finance ($1.88M, May 13):** A historical vulnerability in a contract that had been deprecated since 2022, but never decommissioned, was finally exploited. The team pledged full user refunds and made an on-chain bounty offer to the attacker. Transit had previously suffered a much larger exploit in 2022, making this a second hit on long-lived infrastructure. --- ## The Long Tail: Smaller Exploits That Still Matter May's smaller incidents collectively add up to several million dollars and reinforce the month's central themes: aging code, missing access control, and an expanding attack surface around AI tooling. | Protocol | Date | Loss | Exploit Type | Chain(s) | | -------------------- | ------ | ------ | ------------------------------------------------------- | ------------------ | | Ekubo Protocol | May 5 | $1.4M | Token-approval exploit via flawed payment callback | Ethereum, Arbitrum | | Bisq | May 1 | $858K | Modified client against v1 trade protocol (AI-assisted) | Bitcoin | | Alephium TokenBridge | May 29 | $815K | Forged off-chain guardian messages, unbacked mint | Ethereum, BNB | | Polymarket | May 22 | $700K | Six-year-old operational key still active | Polygon | | Adshares Bridge | May 17 | $628K | Bridge verification bypass (86% later returned) | Ethereum | | Aurellion Labs | May 12 | $456K | Uninitialized Diamond proxy, unprotected initialize | Arbitrum | | SKP Token | May 27 | $213K | LP reserve manipulation amplified by flash loan | BNB Chain | | Bankr / Grok wallet | May 4 | $175K | Prompt injection plus privilege escalation on AI agent | Base | | INK Finance | May 11 | $140K | Treasury whitelist flaw plus flash loan | Polygon | | ShapeShift Colony | May 13 | $132K | Meta-transaction delegatecall hijack | Arbitrum | | MAP / Butter Bridge | May 20 | $110K+ | Hash collision enabling near-infinite mint | Ethereum, BNB | | Huma Finance (V1) | May 11 | $101K | Deprecated V1 contract logic flaw | Polygon | Several of these deserve a closer look. The Aurellion Labs incident is a textbook upgradeable-proxy mistake: a Diamond proxy whose `initialize` function was reachable through a path that never set the initialized flag, letting the attacker claim ownership, inject a malicious facet, and sweep approvals. The MAP/Butter Bridge exploit used a hash collision in a retry-verification routine that relied on `abi.encodePacked`, allowing a forged message to match a legitimate one and mint a quadrillion tokens. Huma Finance and Transit Finance were both hit through deprecated contracts that remained live years after being retired, a recurring theme in May. The most forward-looking incident was the Bankr/Grok exploit. The attacker unlocked an AI agent's transfer tools by activating a membership tier, then used a prompt-injection payload (encoded in Morse code to slip past filters) to get the AI assistant to emit a transfer command that the wallet executed automatically. Bisq's incident was also suspected to involve AI-assisted exploitation of its v1 client. These are early signals of a threat surface that did not meaningfully exist a year ago. --- ## Attack Pattern Analysis: What May 2026 Tells Us Looking across all of May's incidents, four patterns dominate. | Attack Pattern | Notable Incidents | Approx. Losses | Share of Top Losses | | -------------------------------------- | ------------------------------------------------ | -------------- | ------------------- | | Cross-chain bridge flaws | Verus, Gravity, TAC, RetoSwap, Adshares, MAP | ~$33M | ~41% | | Key / access control compromise | TrustedVolumes, StablR, Polymarket, Superfortune | ~$25M | ~31% | | Deprecated / legacy contracts | DxSale, Transit, Huma V1, INK | ~$9.5M | ~12% | | Cryptographic / signing scheme failure | THORChain | ~$10.7M | ~13% | ### Pattern 1: Bridges Are Still the Single Biggest Loss Category For the second straight month, cross-chain bridges led the dollar losses, with roughly $33 million across eight incidents and more than $328 million for the year so far. Verus, Gravity Bridge, TAC, RetoSwap, Adshares, and the MAP/Butter Bridge all failed in different ways, but they share a root cause: a message-verification layer that confirms a message looks valid without confirming that the underlying value is real and conserved. Until bridges treat conservation of value as their primary invariant, this category will keep topping the charts. ### Pattern 2: Keys and Access Control Did the Most Damage Per Incident May was, more than anything, a month of permission failures. TrustedVolumes had no access control on a critical function. StablR, Gravity, and Polymarket lost control of signing keys, in Polymarket's case a key that had been live for six years. Superfortune's loss traced to compromised tooling rather than code. These are not exotic zero-days. They are the slow accumulation of over-privileged keys and unguarded functions that audits and key-management reviews are designed to catch. ### Pattern 3: Deprecated Does Not Mean Decommissioned DxSale's 2021 lockers, Transit Finance's 2022 contract, Huma's V1 pool, and INK Finance's old treasury proxy were all exploited in May. On an immutable blockchain, retiring a contract from your frontend does nothing to the bytecode still sitting on-chain with live approvals and balances. Attackers actively scan for exactly this kind of forgotten infrastructure. Every protocol should maintain an inventory of every contract it has ever deployed and explicitly revoke or drain anything no longer in use. ### Pattern 4: The AI Attack Surface Is Now Real The Bankr/Grok prompt-injection exploit and the suspected AI-assisted Bisq incident are small in dollar terms but large in significance. As protocols wire AI agents into wallets and trading flows, the prompt becomes an attack surface, and natural-language instructions become a privilege-escalation path. This is a category that barely registered a year ago and will only grow. --- ## What Would Have Prevented These Attacks Every major May exploit maps to a known, preventable vulnerability class. **For bridge exploits (Verus, Gravity, TAC, MAP):** Conservation-of-value checks that compare locked inputs to released outputs on every cross-chain message. Daily volume caps that bound the maximum loss from any single logic gap. Multi-signer verification with no single key able to authorize a withdrawal. Collision-resistant message encoding (`abi.encode` rather than `abi.encodePacked` for multi-field hashing). [Audit your smart contracts with Cecuro →](https://app.cecuro.ai/auth?mode=signup) **For key and access control failures (TrustedVolumes, StablR, Polymarket, Superfortune):** Explicit access modifiers on every state-changing function, verified by a review that enumerates who can call what. Authorization bound to the exact account whose funds move. Timelocked, multisig-gated minting and admin changes. Rotation policies that retire old operational keys instead of leaving them live for years. **For deprecated contract exploits (DxSale, Transit, Huma, INK):** A complete inventory of every deployed contract, with deprecated contracts explicitly paused, drained, or self-destructed where possible. Revocation of outstanding token approvals on retired infrastructure. Periodic re-review of any contract that still holds value or permissions. **For cryptographic and AI-layer attacks (THORChain, Bankr/Grok):** Identifiable-abort threshold signing implementations, bonding and probation delays for new signers, and periodic key-share refresh. For AI-integrated systems, strict separation between the AI's reasoning layer and any function that can move funds, with hard authorization checks that a prompt cannot bypass. --- ## What This Means for Protocol Builders May 2026 makes the same point April did, from the opposite direction. April showed that the biggest losses can come from outside the code, through social engineering and infrastructure. May showed that the steady, grinding losses come from the same place: bridges that verify the wrong thing, keys with too much power, and contracts everyone forgot were still live. The takeaway is not that smart contract audits matter less. It is that security has to cover the full lifecycle, from a single function's access modifier to the operational keys that govern it to the deprecated contracts still sitting on-chain years later. Modern protocol security works in three layers. **Layer 1: Pre-deployment auditing.** Comprehensive review that covers code correctness, access control on every state-changing function, upgrade and proxy safety, bridge value conservation, and cross-chain message validation. This is where flaws like the TrustedVolumes access control gap, the Aurellion proxy initialization bug, and the Verus value-mismatch should be caught before they ship. **Layer 2: Continuous monitoring.** Real-time detection of anomalous activity: unusual bridge volumes, unexpected admin transactions, mints with no corresponding backing, and interactions with contracts thought to be deprecated. May's attackers moved fast and often in a single transaction, so monitoring has to trigger automated responses, not just alerts. **Layer 3: Operational security.** Key rotation, timelocked governance, hardware-backed signing, and an honest inventory of every contract a team has ever deployed. This is the layer that produced most of May's losses, and it is the one teams neglect most. Here is how Cecuro fits against the traditional model. | Dimension | Traditional Audit | Cecuro | | ---------- | ------------------------ | --------------------------------------------------- | | Turnaround | 2 to 6 weeks | Hours, typical | | Cost | $20K to $100K+ | Free trial, pricing starts at $799, about 90% less | | Coverage | Often single-chain focus | All chains and smart contract languages | | Technology | Manual, schedule-limited | AI-powered, multi-agent analysis | | Detection | Varies by reviewer | #1 on EVMBench (OpenAI exploit benchmark) | Cecuro's AI-powered platform analyzes smart contracts across all chains and languages in hours, not weeks, free trial and pricing that starts at $799, roughly 90% lower cost than traditional approaches. Speed and cost do not come at the expense of depth. Cecuro ranks first on EVMBench, the independent benchmark built by OpenAI, Paradigm, and OtterSec. Our analysis includes threat modeling for the exact patterns that defined May 2026: bridge value-conservation checks, access control enumeration, proxy initialization safety, and deprecated-contract exposure. [Start your free audit today →](https://app.cecuro.ai/auth?mode=signup) --- ## Looking Ahead: June 2026 May's 90% drop is encouraging, but it would be a mistake to read it as a trend. The month had no mega-hack, and a single nine-figure incident in June would erase the improvement overnight. The underlying attack surface did not shrink. If anything, it widened. Three signals point to where June and beyond are heading. Bridges remain the largest and most persistent loss category, and nothing structural changed in May to fix that. Deprecated contracts are being actively hunted, which means every protocol with a multi-year deployment history is carrying risk it may not have inventoried. And the AI attack surface, visible in the Bankr/Grok and Bisq incidents, is brand new and growing as more protocols wire language models into transaction flows. The protocols that stay out of next month's recap will be the ones that treat security as continuous and complete: code, keys, bridges, and the long tail of old contracts, reviewed and monitored as an ongoing cycle rather than a one-time checkbox. May 2026 cost the industry about $68 million. The bill was smaller this time. The lessons were not. --- The Cecuro Security Team publishes monthly hack recaps to keep the community informed about emerging threats and prevention strategies. For real-time smart contract auditing and continuous protocol monitoring, visit [app.cecuro.ai](https://app.cecuro.ai).