Over $300M Lost to Crypto Scams, Exploits, and Hacks in May: CertiK

According to blockchain security firm CertiK, over $300 million was lost to bad actors in the crypto market in May due to security breaches like phishing and scams. However, the nature of these incidents revealed a shift in attacker strategy.

#CertiKStatsAlert 🚨

Combining all the incidents in May we’ve confirmed ~$140.1M lost to exploits, hacks and scams after ~$162m was frozen.

~$8.5M of the total is attributed to phishing.

More details below 👇 pic.twitter.com/LTE6axKeGi

— CertiK Alert (@CertiKAlert) June 2, 2025

While phishing dominated the landscape in April, smart contract vulnerabilities emerged as the primary threat in May, leading to over $229 million in losses. This marked a dramatic spike, reversing a multi-year trend where such code-level exploits had declined.

Code Exploits Lead, Phishing Retreats

CertiK’s Natalie Newson highlighted the trend reversal, noting that losses from code issues had significantly dropped since 2021 when they topped $1.3 billion. In contrast, just $173 million was lost to similar flaws throughout 2024.

Yet, May stood out as an exception. One of the biggest attacks was on Cetus Protocol, where more than $220 million was drained. Other notable incidents included losses at BitoPro and Cork Protocol, as well as smaller breaches involving MobiusDAO and Demex Nitron.

Phishing was still present but on a much smaller scale, accounting for around $47.6 million. The drastic drop from April’s phishing total of over $337 million suggests a shift in attacker strategy rather than a decline in malicious activity. Meanwhile, exposed private keys were responsible for $11.6 million in losses, and price manipulation accounted for about $1 million.

Nervos Breach Extends Trouble Into June

Just two days after May ended, a new breach added to the rising toll. On June 2, Nervos Network’s cross-chain bridge suffered an attack that led to roughly $3 million in stolen assets.

According to CoinTab, the attacker gained unauthorized control over the bridge and drained multiple tokens, including ETH, USDT, USDC, DAI, and WBTC. These assets were converted to ETH and funneled through Tornado Cash, a tool commonly used to mask transaction history.

In response, Nervos paused the affected contracts and began an internal investigation. Initial findings suggest the breach resulted from weak access controls, allowing the attacker to seize bridge authority.

The post Over $300M Lost to Crypto Scams, Exploits, and Hacks in May: CertiK appeared first on Cointab.