Crypto losses totaled $68.3 million in May — a steep slide from April's $650 million. But that headline number hides a darker trend: physical attacks on holders are climbing, and North Korea-linked actors still account for more than half of all losses so far this year.
Bridges and code bugs drive the May tally
Cross-chain bridges were the single biggest vector, accounting for 42% of May's losses — about $28.6 million. Code vulnerabilities drove two-thirds of the total. The largest single hit was the $11.5 million Verus-Ethereum Bridge exploit on May 18. By comparison, phishing attacks cost the industry just $2.6 million last month.
Wrench attacks are getting worse
Physical attacks on crypto holders — so-called wrench attacks — rose 75% in 2025, to 72 confirmed incidents with $41 million in known losses. And 2026 is on pace to be worse. Through the first four months of this year, researchers logged 34 verified attacks with estimated losses topping $100 million globally. That's a threefold increase from 2023 to 2025, according to Jameson Lopp's database.
North Korea's 55% share
Year-to-date through May, the crypto sector has lost $1.1 billion across 185 incidents. North Korea-linked actors were responsible for $620.9 million — 55% of the total — despite executing only 12% of the attacks. Their tactics are shifting, too. AI-assisted social engineering and weaponized generative tools are giving developers a harder time spotting the threat.
Some money came back
It wasn't all bad news. About $9.4 million was recovered or returned to affected treasuries in May. That's small relative to the $68 million lost, but it's a reminder that not every exploit ends in total loss. Still, with physical attacks accelerating and state-backed groups refining their tools, the industry's security gap isn't closing fast enough.
