DeFi hacks accounted for most of May's $302 million crypto losses: Certik

Crypto users and decentralized finance (DeFi) protocols lost $302 million to hacks and scammers in May, down 16.9% from the prior month, according to blockchain security firm Certik .

The latest report identified code vulnerabilities as the leading cause, accounting for over $229 million of losses across multiple incidents. This figure marked a dramatic 4,483% increase from April, largely due to a single event: the $223 million exploit of Sui-based decentralized exchange Cetus Protocol. DeFi platforms lost $241,293,960 million in total last month, with roughly $162 million recovered after a Sui community vote .

However, Certik Senior Blockchain Security Researcher Natalie Newson noted that losses from code loopholes have "decreased significantly" in recent years. Newson highlighted that total losses from code-related weaknesses dropped to roughly $173 million in 2024 from about $1.35 billion in 2021. She stressed a necessary proactive approach using tools like AI audits and continuous monitoring to further curtail vulnerabilities.

May also saw a notable decline in phishing scams, which accounted for $47.6 million in losses, sharply lower than April's $337.3 million. Hackers additionally siphoned off approximately $11 million through private key breaches, according to Certik.

Aside from Cetus, the largest May incidents included Cork Protocol’s $12 million exploit , BitoPro's $11.5 million loss , MobiusDAO’s $2.1 million breach, and Demex Nitron’s nearly $1 million case, Certik said.