DeFi hacks accounted for most of May's $302 million crypto losses: Certik
Quick Take
- Code vulnerabilities were the biggest attack vector, although Cetus Protocol’s $223 million saga skewed data from this category.
- Certik noted a massive decrease in May phishing scams compared to April.
Crypto users and decentralized finance (DeFi) protocols lost $302 million to hacks and scammers in May, down 16.9% from the prior month, according to blockchain security firm Certik.
The latest report identified code vulnerabilities as the leading cause, accounting for over $229 million of losses across multiple incidents. This figure marked a dramatic 4,483% increase from April, largely due to a single event: the $223 million exploit of Sui-based decentralized exchange Cetus Protocol. DeFi platforms lost $241,293,960 million in total last month, with roughly $162 million recovered after a Sui community vote.
However, Certik Senior Blockchain Security Researcher Natalie Newson noted that losses from code loopholes have "decreased significantly" in recent years. Newson highlighted that total losses from code-related weaknesses dropped to roughly $173 million in 2024 from about $1.35 billion in 2021. She stressed a necessary proactive approach using tools like AI audits and continuous monitoring to further curtail vulnerabilities.
May also saw a notable decline in phishing scams, which accounted for $47.6 million in losses, sharply lower than April's $337.3 million. Hackers additionally siphoned off approximately $11 million through private key breaches, according to Certik.
Aside from Cetus, the largest May incidents included Cork Protocol’s $12 million exploit, BitoPro's $11.5 million loss, MobiusDAO’s $2.1 million breach, and Demex Nitron’s nearly $1 million case, Certik said.
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
