During the month of May there was a sharp drop in losses due to crypto exploits.
However, this drop is mainly due to a return to normality after the boom in April, and should not be confused with the price drop.
Nevertheless, it remains a positive fact that over the course of 2026 the losses due to crypto exploits have been decidedly limited, with the sole exception of April.
The drop in losses in May
The data was published by CertiK Alert on X.
Over the entire month of May, total losses due to crypto exploits were just over 68 million dollars, and May turned out to be the third month of 2026 to record losses below 100 million.
In contrast, in the month of April alone they amounted to several hundreds of millions of dollars, but that was an exception.
Just to get an idea of how little 68 million dollars in a month is in the crypto market, on Uniswap alone the monthly trading volume was 35 billion dollars, or almost 500 times as much.
Moreover, in February and March they were even less than 68 million, a figure that reveals how losses due to crypto exploits are no longer particularly significant.
It should be noted, however, that the number of exploits has decreased only slightly compared to April. In fact, excluding the month of April, they have been continuously rising since January.
What has decreased, therefore, are mainly the average losses per single exploit, perhaps also due to the fact that the crypto market is going through a bear market.
It should also be noted that in May the bulk of the losses were produced by exploits on smaller protocols, such as Verus, Thorchain, TrustedVolumes, Victom and Gravity Bridge, and this further confirms that the crypto sector is maturing more and more, especially thanks to the longer-lived and more secure protocols, such as Uniswap mentioned earlier.
The price drop
A different discussion, although partly related, is that concerning the losses generated by the price drop.
Overall, Total3, which measures the market capitalization of all altcoins excluding Ethereum and stablecoins, rose by almost 4% in May, but compared to the beginning of the year the drop remains more than 10%.
Considering Bitcoin instead, its price in May fell by more than 3%, while compared to the beginning of the year the drop extends to 17%.
Ethereum instead in May fell by as much as 11%, while since the beginning of the year the drop has been 33%.
As can be clearly understood from these figures, the drops in crypto prices are not linked to the number of exploits, although they do affect the dollar value of the losses generated by those same exploits.
The security problem
Crypto exploits are often caused by security vulnerabilities in DeFi protocols.
It is true that in the past some of the largest exploits were carried out against centralized exchanges, but in absolute terms they are not many compared to the enormous number of exploits carried out against DeFi protocols.
The key point is therefore the security of DeFi protocols, and from this perspective the longevity of a protocol often makes a big difference.
In fact, it should not be forgotten that the computer code with which such protocols operate is public and visible to everyone. Therefore, if it contains vulnerabilities, it is very likely that someone will notice them sooner or later.
But by continually finding vulnerabilities and fixing them, it becomes increasingly secure, and this is how the longest-lived DeFi protocols are often also the most secure, since there has been more time to find and fix the vulnerabilities.
On the contrary, the more recent protocols are those at greater risk, because there has still been only little time to find any vulnerabilities.
Furthermore, it should not be forgotten that vulnerabilities are more frequent than commonly thought, but the important thing is to find and fix them as soon as possible. The best protocols are those whose vulnerabilities are largely found and fixed before public release, that is, during the testing phase, while those that are launched on the market without sufficiently rigorous and in-depth testing run greater risks from this point of view.
Over the years there have even been several DeFi protocols that, once successfully attacked, were abandoned because it was not worth fixing the vulnerabilities, or because they were real scams launched by the same people who then attacked them by exploiting vulnerabilities they were already aware of.
It is therefore necessary to pay close attention to which DeFi protocols you choose to use, favoring those that have withstood more attempts at attack, and successfully, for a longer time, because only these have a high level of security.