Crypto Bridge Exploits Hit $328.6M in May as Peckshield Tracks 8 Major Incidents

📄Full Article· Automatically extracted by trafilatura2886 words

Cross-chain bridges, infrastructure that allows assets to move between separate blockchain networks, have now lost $328.6 million to attackers across eight separate incidents in May 2026. Crypto Bridge Exploits Hit $328.6M in May as Peckshield Tracks 8 Major Incidents Key Takeaways Crypto’s Worst Year for Cross-Chain Hacks Blockchain security and data analytics firm Peckshield released a mid-May tally of eight bridge-related exploits that collectively drained $328.6 million from cross-chain protocols so far this year. The figure adds to what has become the worst period on record for decentralized finance ( DeFi) while simultaneously exposing a systemic vulnerability that the industry has yet to resolve fully. Cross-chain bridges work by locking tokens on one blockchain and minting equivalent assets on another, creating high-value attack surfaces where exploiters need only compromise the bridge’s verification mechanism to gain access to pooled liquidity. The structural risk became undeniable in April 2026, as crypto’s most-hacked month on record, with 30 separate incidents, a pace of nearly one attack per day. Two of the largest attacks came in rapid succession that month. KelpDAO’s Layerzero V2 rsETH route was exploited for approximately $300 million on April 18, with an attacker extracting 116,500 rsETH from Ethereum’s OFT adapter without burning tokens on the source chain. A review by Chainalysis found that Layerzero had set a low 1-1 RPC quorum default, meaning a single poisoned node could authorize fraudulent cross-chain messages. KelpDAO subsequently migrated to Chainlink’s Cross-Chain Token standard, publicly blaming Layerzero for the infrastructure failure. Days later, Drift Protocol suffered a $200 million-plus exploit on its Solana-based infrastructure. A CertiK analyst noted that the incidents reflected a high-stakes shift in cross-chain cybercrime strategy, with attackers growing more sophisticated in how they identify and exploit bridge verification weaknesses. Death by a Thousand Cuts Smaller incidents have poured in the months before and even since, with IoTeX’s bridge being hit for approximately $2 million in February through a private key exploit. Subsequently, TAC Protocol lost $2.8 million in early May in what was later classified as a white hat incident after the hacker claimed a 10% bounty. Transit Finance, a cross-chain aggregation protocol, was drained of $1.88 million on May 13 and most recently, the Verus-Ethereum bridge lost approximately $11.5 million, with the attacker’s wallet traced to a Tornado Cash seed. Peckshield data had already shown total hack losses reaching $112.5 million in the first two months of 2026 alone before April’s surge pushed cumulative losses beyond $750 million through mid-April. With May’s incidents adding to that figure, 2026 is on course to eclipse previous records for DeFi losses.

Data Status✓ Full text extractedRead Original (Bitcoin.com)

🔍Historical Similar Events· Keyword + Asset Matching6 items

2026-05-17

Cardano Founder Warns Crypto’s Quantum Threat May Hit Before 2033

Similarity 180%關鍵字 may/hit/crypto

2026-05-23

Bitcoin Breaks Below $75,000 as Three Major Risks Hit at Once

Similarity 130%關鍵字 major/hit

2026-05-21

Sertexity Announces Major Milestone: Over 10,000 Users Now Registered on Its AI-Powered Crypto Arbitrage Platform

Similarity 130%關鍵字 major/crypto

2026-05-19