Crypto hacks cost $302 million in May; code flaws and DeFi exploits dominate losses

By category, the code vulnerabilities were the leading cause of the loss of funds, and around $229.67 million were lost due to these, followed by phishing attacks that stood at $47.63 million, and private key compromises at $11.65 million. Price manipulation and token dumps contributed around $1.05 million and $266,000 to the total funds lost.

In terms of the type of platforms that were targeted by cybercriminals, DeFi protocols were hit hardest, suffering losses worth $241.29 million, followed by incidents involving social engineering ($35.55 million), centralised exchanges ($11.17 million), wallet drainers ($8.58 million), and address poisoning ($3.49 million).

The CertiK data shows that despite the heavy damage, $162 million was recovered by these crypto platforms.

The report shows that flash loan attacks have seen a significant decline in May at $0.4 million compared to April 2025’s $5.9 million. Phishing also fell from $37.8 million to $6.6 million. Exploits, on the other hand, were almost equal to March’s $239.9 million but less than $51.5 million in April.

The data shows that code vulnerabilities remain the weakest link, leading to the majority of May’s losses.

Crypto hacking remains a persistent threat, with four years in the past decade individually seeing more than a billion dollars’ worth of crypto stolen (2018, 2021, 2022, and 2023). 2024 marks the fifth year to reach this troubling milestone, highlighting how, as crypto adoption and prices rise, so too does the amount that can be stolen.