Crypto hacks cost $302 million in May; code flaws and DeFi exploits dominate losses


A significant incident involving Cetus accounted for $225.7 million. Despite these setbacks, $162 million was recovered.

In May 2025, the Web3 ecosystem recorded total losses of over $302 million, according to a new report by US-based blockchain security firm CertiK. The majority of these losses were due to exploits and code vulnerabilities, with a single incident involving Cetus accounting for $225.7 million, which is around 75% of the total monthly loss.

Other major incidents included Cork Protocol ($12 million), BitoPro ($11.17 million), Mobius DAO ($2.15 million), and Demex Nitron ($950,000).


By category, code vulnerabilities were the leading cause of lost funds at around $229.67 million, followed by phishing attacks at $47.63 million and private key compromises at $11.65 million. Price manipulation and token dumps contributed around $1.05 million and $266,000, respectively, to the total funds lost.

By type of platform targeted, DeFi protocols were hit hardest, suffering losses worth $241.29 million, followed by incidents involving social engineering ($35.55 million), centralised exchanges ($11.17 million), wallet drainers ($8.58 million), and address poisoning ($3.49 million).

The CertiK data shows that despite the heavy damage, $162 million was recovered by these crypto platforms.

The report shows that flash loan attacks declined significantly in May, to $0.4 million from April 2025's $5.9 million. Phishing also fell from $37.8 million to $6.6 million. Exploits, on the other hand, were almost equal to March's $239.9 million but less than $51.5 million in April.

The data shows that code vulnerabilities remain the weakest link, leading to the majority of May's losses.

Crypto hacking remains a persistent threat, with four years in the past decade individually seeing more than a billion dollars’ worth of crypto stolen (2018, 2021, 2022, and 2023). 2024 marks the fifth year to reach this troubling milestone, highlighting how, as crypto adoption and prices rise, so too does the amount that can be stolen.

In 2024, funds stolen increased by approximately 21.07% year-over-year (YoY) to $2.2 billion, and the number of individual hacking incidents increased from 282 in 2023 to 303 in 2024, according to the 2025 Crypto Crime Report by blockchain data platform Chainalysis.

Although DeFi still accounted for the largest share of stolen assets in the first quarter of 2024, centralised services were the most targeted in Q2 and Q3. Some of the most notable centralised service hacks include DMM Bitcoin (May 2024; $305 million) and WazirX (July 2024; $234.9 million).

Hackers linked to North Korea have become notorious for their sophisticated and relentless tradecraft, often employing advanced malware, social engineering, and cryptocurrency theft to fund state-sponsored operations and circumvent international sanctions. U.S. and international officials have assessed that Pyongyang uses the crypto it steals to finance its weapons of mass destruction and ballistic missiles programs, endangering international security.

In 2023, North Korea-affiliated hackers stole approximately $660.50 million across 20 incidents; in 2024, this number increased to $1.34 billion stolen across 47 incidents — a 102.88% increase in value stolen. These figures represent 61% of the total amount stolen for the year and 20% of total incidents.
