Cross-chain bridge exploits have cost the crypto industry $328.6 million across eight separate incidents so far in May 2026, according to data from blockchain security firm Peckshield. The tally covers attacks on bridges that let users move assets between different blockchains — a corner of DeFi that's been repeatedly hammered. This month's haul already surpasses the total for all of April.
The May tally
Peckshield's figures, shared Monday, break the losses down by incident but don't name every victim. At least three of the eight attacks involved bridges that had been audited, the firm noted. The largest single event accounted for roughly $110 million; the smallest was just under $2 million. Most exploited code vulnerabilities that let attackers mint tokens on one chain and redeem them on another.
Why bridges keep getting hit
Bridges are complicated. They rely on smart contracts, validators, and often custom token logic — a lot of moving parts. Attackers have drained over $2 billion from bridges since 2021, and the pattern hasn't changed much: a bug in the verification or message-passing layer. This month's batch suggests the industry hasn't found a fix that sticks. Peckshield called the trend “concerning but not surprising” in a brief post accompanying the data.
What happens now
Several teams behind the affected bridges are still assessing the damage. At least two have paused operations indefinitely. The total might climb as more forensic reports come in. Peckshield said it expects to publish detailed breakdowns for each exploit later this week. For users holding assets on these bridges, the next few days should clarify how much — if anything — can be recovered.
